On 10/18/10 6:52 AM, N dhert wrote:
> Last week, I prepared a new shorewall firewall, first tested it with the
> Basic One-interface example
> everything OK.
> Today, it seems my shorewall does not log anymore into /var/log/messages
> DROP actions specified in /etc/shorewall/rules
>
> These are my config files
> interfaces:
> net eth0 detect dhcp,tcpflags,logmartians,nosmurfs
> zones:
> fw firewall
> net ipv4
> policy:
> $FW net ACCEPT
> net all DROP info
> all all REJECT info
> rules:
> ACCEPT net:143.129.75.1 $FW icmp
> DROP net $FW icmp
> ACCEPT $FW net icmp
> ACCEPT net:143.129.75.1 $FW tcp 22
>
> last week, I got DROP records from the 2nd rule in rules files into the
> /var/log/messages
No you did not. You got ping packets logged BEFORE YOU ADDED THAT RULE
because logging (info) is configured on your net->all policy.
Get rid of that second rule -- you don't need it and it is too general;
ICMP is much more than just ping (echo-request) and should not be
blocked unconditionally.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
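The point of the reply is that only entries carrying a log level produce /var/log/messages records: the `net all DROP info` policy has one, the `DROP net $FW icmp` rule does not, so once that rule matches first the ping is dropped silently. The following audit script is an added example, not part of this thread or of Shorewall; it assumes the standard column layout of the policy file (SOURCE DEST POLICY [LOGLEVEL]) and the rules file (ACTION SOURCE DEST PROTO ...), and the documented `ACTION:level` form for per-rule logging. The sample configuration inside it is constructed from the poster's quoted files. Note that Tom's advice stands: the right fix for this rule is to remove it, and the script only reports where drops would go unlogged.

```python
"""Audit Shorewall policy/rules text for DROP/REJECT entries that carry no log level.

Added example (hypothetical helper, not Shorewall's own code). Assumes the
standard Shorewall column order and the ACTION:level syntax for rule logging.
"""

# Constructed from the config quoted in the thread
POLICY_TEXT = """\
# SOURCE  DEST  POLICY  LOGLEVEL
$FW  net  ACCEPT
net  all  DROP    info
all  all  REJECT  info
"""

RULES_TEXT = """\
# ACTION  SOURCE            DEST  PROTO  DPORT
ACCEPT  net:143.129.75.1  $FW  icmp
DROP    net               $FW  icmp
ACCEPT  $FW               net  icmp
ACCEPT  net:143.129.75.1  $FW  tcp   22
"""

# Actions that end packet processing and are worth logging when they fire
TERMINATING = {"DROP", "REJECT"}


def _entries(text):
    """Yield (line_number, fields) for every non-comment, non-blank line."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if line:
            yield n, line.split()


def unlogged_policies(text):
    """DROP/REJECT policies with no LOGLEVEL (4th) column."""
    out = []
    for n, fields in _entries(text):
        if len(fields) == 3 and fields[2].upper() in TERMINATING:
            out.append((n, fields))
    return out


def unlogged_rules(text):
    """DROP/REJECT rules whose ACTION has no ':level' suffix, so matches are silent."""
    out = []
    for n, fields in _entries(text):
        action, _, level = fields[0].partition(":")
        if action.upper() in TERMINATING and not level:
            out.append((n, fields))
    return out


def with_log_level(rule_line, level="info"):
    """Return the rule rewritten so its ACTION logs at `level` (ACTION:level syntax)."""
    fields = rule_line.split()
    action = fields[0].split(":", 1)[0]
    return " ".join([f"{action}:{level}", *fields[1:]])


if __name__ == "__main__":
    for n, f in unlogged_policies(POLICY_TEXT):
        print(f"policy line {n}: silent {f[2]}: {' '.join(f)}")
    for n, f in unlogged_rules(RULES_TEXT):
        print(f"rules line {n}: silent {f[0]}: {' '.join(f)}")
        print(f"  logged form would be: {with_log_level(' '.join(f))}")
```

Run against the poster's files it reports only rules line 3, the `DROP net $FW icmp` entry, which is exactly the rule the reply says never produced the log records.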