Hi there, I installed shorewall yesterday. Actually I was looking for a GUI for iptables supporting MIRROR but the feature set of shorewall sounded just a little bit to nice not to try. Actually, as a guess I will stay with shorewall for now as it seems to allow for as much flexibility and ease of use then one can ask for. There is a question though I am wondering about. While I normally deal with Checkpoint firewalls (either as classical firewalls or as VPN devices or both) I am rather used to the fact that I can decide to log per rule and to have a nice log viewer to analyze those logs. While the second issue can be solved easily enough (I just started to write me a little toy - windows based) I am wondering why one can''t log per rule ?=20 Axel Westerhold Congos. Inc. Dev. Lead
> Hi there, > > I installed shorewall yesterday. Actually I was looking for a GUI for > iptables supporting MIRROR but the feature set of shorewall sounded just > a little bit to nice not to try. Actually, as a guess I will stay with > shorewall for now as it seems to allow for as much flexibility and ease > of use then one can ask for. > > There is a question though I am wondering about. While I normally deal > with Checkpoint firewalls (either as classical firewalls or as VPN > devices or both) I am rather used to the fact that I can decide to log > per rule and to have a nice log viewer to analyze those logs. > > While the second issue can be solved easily enough (I just started to > write me a little toy - windows based) I am wondering why one can''t log > per rule ? >I just answered this question on the list not an hour ago -- you CAN log per rule by simply appending ":" and a syslog level to the ACTION (e.g., DNAT:info). -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://shorewall.sf.net ICQ: #60745924 \ teastep@shorewall.net
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ok Ok, I just reached the last line of the Nov. archive and found my request answered already. I am sorry. Axel Westerhold Congos Inc. Dev. Lead -----BEGIN PGP SIGNATURE----- Version: PGP 7.1.1 iQA/AwUBPdQbGG2Oinwe9Zf6EQLaTwCZAVbXwsE7Qsomg0e010AtLEeYXjcAn200 BpEE1WmZ/0NxqJCybCdB1SE6 =3DCdF/ -----END PGP SIGNATURE-----