The search capability at http://www.shorewall.net has been improved.

- The quick search on the main page no longer includes the mailing list archives.
- The extended search page (http://www.shorewall.net/htdig/search.html) allows you to search: a) the entire site (including the archives); b) the site excluding the archives; or, c) just the archives.
- The mailing list information page (http://www.shorewall.net/mailing_list.htm) includes a search form for the archives.

Happy searching...

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
I already deleted the earlier message, but it got me thinking anyway. The question was about all the iptables messages that get output to the main console terminal. Tom said something like 'just redirect STDERR'.

Okay. Looking at Marcel Gagne's Linux Sys Admin book, he talks about STDERR on page 54 with the illustration;

    command-name 2>&1 > logfile.out

Next I looked at /etc/rc/d/init.d/shorewall and found

    ################################################################################
    # Run iptables and if an error occurs, stop the firewall and quit              #
    ################################################################################
    run_iptables() {
        if ! iptables `echo $@ | sed 's/!/! /g'`; then
            [ -z "$stopping" ] && { stop_firewall; exit 2; }
        fi
    }

And I found lots of stuff that referred back to run_iptables(), but I don't quite see how to apply "iptables 2>&1 > /var/log/iptables.log" to that mess up there.

And though Mastering Regular Expressions by Jeff Friedl, O'Reilly, Jan 97 is on my Amazon wishlist, I haven't picked it up yet. Perhaps my assumption is incorrect that that procedure would look legible if I had a better handle on regular expressions?

For me, it's not a big deal to have all that STDERR stuff go out to the screen, since the box is in an equipment room, normally without a screen attached. It would be better though to have enough understanding of how shorewall is operating with iptables to apply Tom's comment to the box. I'm working on getting there, but I'm not there yet.

Oh, and I wrote this without reading through the FAQ again, but I'll head off there next.

Best Regards,
Gar
On Fri, 5 Apr 2002, Gar Nelson wrote:
> I already deleted the earlier message, but it got me thinking anyway.
> The question was about all the iptables messages that get output to the
> main console terminal. Tom said something like 'just redirect STDERR'.
>
> Okay. Looking at Marcel Gagne's Linux Sys Admin book, he talks about
> STDERR on page 54 with the illustration;
>
> command-name 2>&1 > logfile.out
>
> Next I looked at /etc/rc/d/init.d/shorewall and found
>
> ################################################################################
> # Run iptables and if an error occurs, stop the firewall and quit              #
> ################################################################################
> run_iptables() {
>     if ! iptables `echo $@ | sed 's/!/! /g'`; then
>         [ -z "$stopping" ] && { stop_firewall; exit 2; }
>     fi
> }
>
> And I found lots of stuff that referred back to run_iptables(), but I
> don't quite see how to apply "iptables 2>&1 > /var/log/iptables.log" to
> that mess up there.
>
> And though Mastering Regular Expressions by Jeff Friedl, O'Reilly, Jan
> 97 is on my Amazon wishlist, I haven't picked it up yet. Perhaps my
> assumption is incorrect that that procedure would look legible if I had
> a better handle on regular expressions?
>
> For me, it's not a big deal to have all that STDERR stuff go out to the
> screen, since the box is in an equipment room, normally without a screen
> attached. It would be better though to have enough understanding of how
> shorewall is operating with iptables to apply Tom's comment to the box.
> I'm working on getting there, but I'm not there yet.
>
> Oh, and I wrote this without reading through the FAQ again, but I'll
> head off there next.

What I was suggesting is that you:

    /etc/init.d/shorewall start > /tmp/shorewall.log 2>&1

or something similar.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
Or you could add:

    exec 2>/var/log/shorewall.log

at the beginning of the shorewall script

Pascal

On Fri, 2002-04-05 at 13:58, Tom Eastep wrote:
> On Fri, 5 Apr 2002, Gar Nelson wrote:
>
> > I already deleted the earlier message, but it got me thinking anyway.
> > The question was about all the iptables messages that get output to the
> > main console terminal. Tom said something like 'just redirect STDERR'.
> >
> > Okay. Looking at Marcel Gagne's Linux Sys Admin book, he talks about
> > STDERR on page 54 with the illustration;
> >
> > command-name 2>&1 > logfile.out
> >
> > Next I looked at /etc/rc/d/init.d/shorewall and found
> >
> > ################################################################################
> > # Run iptables and if an error occurs, stop the firewall and quit              #
> > ################################################################################
> > run_iptables() {
> >     if ! iptables `echo $@ | sed 's/!/! /g'`; then
> >         [ -z "$stopping" ] && { stop_firewall; exit 2; }
> >     fi
> > }
> >
> > And I found lots of stuff that referred back to run_iptables(), but I
> > don't quite see how to apply "iptables 2>&1 > /var/log/iptables.log" to
> > that mess up there.
> >
> > And though Mastering Regular Expressions by Jeff Friedl, O'Reilly, Jan
> > 97 is on my Amazon wishlist, I haven't picked it up yet. Perhaps my
> > assumption is incorrect that that procedure would look legible if I had
> > a better handle on regular expressions?
> >
> > For me, it's not a big deal to have all that STDERR stuff go out to the
> > screen, since the box is in an equipment room, normally without a screen
> > attached. It would be better though to have enough understanding of how
> > shorewall is operating with iptables to apply Tom's comment to the box.
> > I'm working on getting there, but I'm not there yet.
> >
> > Oh, and I wrote this without reading through the FAQ again, but I'll
> > head off there next.
>
> What I was suggesting is that you:
>
> /etc/init.d/shorewall start > /tmp/shorewall.log 2>&1
>
> or something similar.
>
> -Tom
> --
> Tom Eastep \ Shorewall - iptables made easy
> AIM: tmeastep \ http://www.shorewall.net
> ICQ: #60745924 \ teastep@shorewall.net
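Added example (not part of the original thread, and not Shorewall code): the three redirection forms that appear in the messages above, run against a constructed stand-in command so the destination of each stream can be checked. The function names `emit`, `stderr_first`, `stdout_first` and `exec_stderr` and the sample output lines are assumptions made for the demo.

```shell
#!/bin/sh
# Constructed stand-in for the firewall start script: one line on stdout,
# one on stderr (sample text, not captured from a real run).
emit() {
    echo "out: Starting firewall"
    echo "err: iptables: No chain/target/match by that name" >&2
}

# "2>&1 > file": redirections apply left to right, so stderr is duplicated
# onto the current stdout (the console) before stdout is moved to the file.
# The file receives stdout only; the stderr line still reaches the caller.
stderr_first() {
    emit 2>&1 > "$1"
}

# "> file 2>&1": stdout is moved to the file first, then stderr is
# duplicated onto it. Both streams land in the file; nothing leaks.
stdout_first() {
    emit > "$1" 2>&1
}

# "exec 2> file": every later command in that shell inherits the redirected
# stderr. Run in a subshell here so the change does not outlive the demo.
exec_stderr() {
    ( exec 2> "$1"; emit )
}

# Show what the console would see for each form, then the log contents.
dir=$(mktemp -d)
echo "2>&1 > file   console sees: $(stderr_first "$dir/a.log")"
echo "> file 2>&1   console sees: $(stdout_first "$dir/b.log")"
echo "exec 2> file  console sees: $(exec_stderr "$dir/c.log")"
for f in a b c; do
    echo "--- $f.log"
    cat "$dir/$f.log"
done
rm -rf "$dir"
```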