--On Sunday, December 22, 2002 6:44 PM -0700 ian <iguy@ionsphere.org>
wrote:
> Hello,
>
> I've started to use firewall tracking as a way to see all traffic that is
> going to and from my server. So I decided to turn on all my different
> options in shorewall to log everything. However I do not get all the
> logs I expect in terms of connections being started or dropped.
>
> I'm running shorewall 1.3.11a
> My policy file looks like such:
>
> #SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
> loc net ACCEPT info
> fw net CONTINUE info
> fw loc CONTINUE info
> net all DROP info
> all all REJECT info
>
>
> However I get no logs of stuff going from the firewall box. Ie. I make
> a connection from fw->xmlrpc.rhn.redhat.com but I get no log message
> saying so?
>
> What am I doing wrong?
Since your policies don't allow ANY traffic from fw->net (and what are
those CONTINUE policies there for????),
any such connections are being allowed by rule. Are you logging all of your
ACCEPT rules?
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://shorewall.sf.net
Washington USA \ teastep@shorewall.net
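As an added illustration of the point in Tom's reply (this is not from the thread and not ian's configuration): a connection that matches an entry in the Shorewall `rules` file is accepted by that rule, so the LOG LEVEL column of the `policy` file never sees it. To log such connections, append the log level to the ACTION in `/etc/shorewall/rules`. The zone names, ports and protocols below are illustrative assumptions.

```text
# /etc/shorewall/rules excerpt (constructed example, not the poster's file).
# "ACCEPT:info" accepts the connection AND logs it at syslog level info;
# a bare "ACCEPT" would accept silently, which is why rule-allowed traffic
# never showed up under a policy-level LOG LEVEL.
#ACTION       SOURCE   DEST   PROTO   DEST PORT(S)
ACCEPT:info   fw       net    tcp     443     # assumed: firewall fetching updates over HTTPS
ACCEPT:info   fw       net    udp     53      # assumed: DNS lookups from the firewall itself
```

With rule-level logging in place, each matched connection produces a kernel log line at the given level; where those lines end up (messages file, dedicated log, or console) depends on the host's syslog configuration, so check that before concluding that logging is not working.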