Displaying 20 results from an estimated 24 matches for "blacklist_loglevel".
2009 Jan 24
4
No logging with chain logdrop and logreject
Hello:
I just started using Shorewall this morning and must say that I''m very
impressed. Much nicer than what I was using previously.
I love the ability to type ''shorewall logdrop ww.xx.yy.zz'' and
completely block a particular IP address. However, the log part doesn''t
happen. When I look in the logdrop chain, there is no LOG prefix.
I''ve looked
2002 Feb 07
5
Blacklist problems - iptables v1.2.4: Unknown arg ''--log-level''
Hi All,
I have just upgraded to 1.2.5 of shorewall, and thought I would switch on
the blacklisting feature.
All seemed well, I had the log level set to debug...to try it out (like
you do)..no problems...
But when I removed the debug
i.e. in shorewall.conf BLACKLIST_LOGLEVEL= instead of
BLACKLIST_LOGLEVEL=debug
I get .the usual init stuff..then
Setting up Blacklisting...
Blacklisting enabled on ppp0
iptables v1.2.3: Unknown arg ''--log-level''
Try ''iptables -h'' or uptables --help for more information.
Terminated.
I used the rp...
2005 May 08
4
not logging some ports?
Hello,
I want not to log some dropped packets going from net to fw, i.e. to
exclude some ports. For example, I get lots of denied SPT=4672 DPT=7476
packets in /var/log/messages. I know I can probably do this by using ulog
or some other logging system and writing some rules to exclude "SPT=4672",
but is it possible for shorewall not to log some ports? Sorry if it is obvious,
but I
2004 Aug 08
1
using ULOG
...log (in order to split netfilter messages from
other kernel messages), than i have to set all loglevel to ULOG? and
then is there any way to define diferent loglevel for eg. maclist?
thanks in advance.
yours.
ps. it''s a bit confusing that all loglevel parameter name is LOG_LEVEL
except BLACKLIST_LOGLEVEL:-(
--
Levente "Si vis pacem para bellum!"
2006 Oct 23
3
command not found error
I am running version 3.0.7 of Shorewall on a Debian Sarge system, but when I
start Shorewall I get this:
/usr/share/shorewall/firewall: line 204: 4: command not found
I looked there and found this:
# Run ip and if an error occurs, stop the firewall and quit
#
run_ip() {
if ! ip $@ ; then
if [ -z "$STOPPING" ]; then
error_message "ERROR: Command \"ip
2003 Aug 12
1
Shorewall Keeps sending false IP Address Conflict
...L=C
+ LC_ALL=C
+ PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
+ terminator=startup_error
+ version=
+ FW=
+ SUBSYSLOCK=
+ STATEDIR=
+ ALLOWRELATED=Yes
+ LOGRATE=
+ LOGBURST=
+ LOGPARMS=
+ ADD_IP_ALIASES=
+ ADD_SNAT_ALIASES=
+ TC_ENABLED=
+ LOGUNCLEAN=
+ BLACKLIST_DISPOSITION=
+ BLACKLIST_LOGLEVEL=
+ CLAMPMSS=
+ ROUTE_FILTER=
+ NAT_BEFORE_RULES=
+ DETECT_DNAT_IPADDRS=
+ MUTEX_TIMEOUT=
+ NEWNOTSYN=
+ LOGNEWNOTSYN=
+ FORWARDPING=
+ MACLIST_DISPOSITION=
+ MACLIST_LOG_LEVEL=
+ TCP_FLAGS_DISPOSITION=
+ TCP_FLAGS_LOG_LEVEL=
+ RFC1918_LOG_LEVEL=
+ MARK_IN_FORWARD_CHAIN=
+ SHARED_DIR=/usr/share/shor...
2011 Dec 01
1
Blocked host getting through
Hi,
Using 4.4.23.2 on a single host. A host x.x.x.x is sending traffic
although it blacklisted and blocked rules
rules:
DROP net:x.x.x.x/21 $FW - - -
DROP net:x.x.x.x/22 $FW - - -
DROP $FW net:x.x.x.x/21 - - -
DROP $FW net:x.x.x.x/22 - - -
2002 May 14
4
Redirect loc::80 to fw::3128 not work
...uot;1/minute"
LOGBURST="5"
LOGUNCLEAN=info
LOGFILE="/var/log/messages"
NAT_ENABLED="Yes"
MANGLE_ENABLED="Yes"
IP_FORWARDING="On"
ADD_IP_ALIASES="Yes"
ADD_SNAT_ALIASES="No"
TC_ENABLED="No"
BLACKLIST_DISPOSITION=DROP
BLACKLIST_LOGLEVEL=
CLAMPMSS="Yes"
ROUTE_FILTER="Yes"
NAT_BEFORE_RULES="Yes"
#[/etc/shorewall/start]-----------------------------------------------
run_iptables -I OUTPUT 2 -m state -p icmp --state INVALID -j DROP
#[/etc/shorewall/zones]-----------------------------------------------
n...
2005 Mar 10
7
norfc1918 not working in SW 2.2.1?
...logdrop # RFC 1918
/etc/shorewall/shorewall.conf
=======================================================
[root@hn00dmz01 maint]# grep -v -e "^#" -e "^$"
/etc/shorewall/shorewall.conf
LOGFILE=/var/log/messages
LOGFORMAT="Shorewall:%s:%s:"
LOGRATE=
LOGBURST=
BLACKLIST_LOGLEVEL=
LOGNEWNOTSYN=info
MACLIST_LOG_LEVEL=info
TCP_FLAGS_LOG_LEVEL=info
RFC1918_LOG_LEVEL=info
SMURF_LOG_LEVEL=info
BOGON_LOG_LEVEL=info
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=/var/lock/subsys/shorewall
STATEDIR=/var/lib/shorewall
MODULESDIR=...
2003 Jan 25
7
automagic blacklist
Hello list members,
Over the past 12 hours my firewall box has had over 300 hits to port 1434 from numerous ip''s. I ran tcpdump on a couple of them and it looks like the ms-sql exploit attempt. I don''t use ms-sql. I''ve always gotten a few hits per day, but now it''s gotten out of control.
I use logcheck to email the system logs to me and at this rate by the
2003 Sep 30
4
macaddress blacklist problem
...ewall]# tail -5 blacklist
#ADDRESS/SUBNET PROTOCOL PORT
~00-04-e2-83-7c-75
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
I even tried cranking up the logging for the blacklist in shorewall.conf
[root@fumcbafw shorewall]# grep BLACKLIST shorewall.conf
# BLACKLIST LOG LEVEL
BLACKLIST_LOGLEVEL=debug
# BLACKLIST DISPOSITION
BLACKLIST_DISPOSITION=DROP
shorewall has been restarted and iptables-save shows the rule
[root@fumcbafw shorewall]# grep ''blacklst'' /tmp/iptables.save
:blacklst - [0:0]
[0:0] -A blacklst -m mac --mac-source 00:04:E2:83:7C:75 -j LOG
--log-prefix &q...
2002 May 14
3
[Shorewall-users] Redirect loc::80 to fw::3128 not work (fwd)
...uot;1/minute"
LOGBURST="5"
LOGUNCLEAN=info
LOGFILE="/var/log/messages"
NAT_ENABLED="Yes"
MANGLE_ENABLED="Yes"
IP_FORWARDING="On"
ADD_IP_ALIASES="Yes"
ADD_SNAT_ALIASES="No"
TC_ENABLED="No"
BLACKLIST_DISPOSITION=DROP
BLACKLIST_LOGLEVEL=
CLAMPMSS="Yes"
ROUTE_FILTER="Yes"
NAT_BEFORE_RULES="Yes"
#[/etc/shorewall/start]-----------------------------------------------
run_iptables -I OUTPUT 2 -m state -p icmp --state INVALID -j DROP
#[/etc/shorewall/zones]-----------------------------------------------
n...
2006 Aug 29
3
masq problem
...2,443 -
routestopped:
eth2 x.x.x.x
eth2 y.y.y.y
zones:
fw firewall
net ipv4
loc ipv4
shorewall.conf: (i think it''s default but not shure)
STARTUP_ENABLED=Yes
LOGFILE=/var/log/messages
LOGFORMAT="Shorewall:%s:%s:"
LOGTAGONLY=No
LOGRATE=
LOGBURST=
LOGALLNEW=
BLACKLIST_LOGLEVEL=
MACLIST_LOG_LEVEL=info
TCP_FLAGS_LOG_LEVEL=info
RFC1918_LOG_LEVEL=info
SMURF_LOG_LEVEL=info
LOG_MARTIANS=No
IPTABLES=
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=""
MODULESDIR=
CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
RESTOR...
2007 Nov 10
2
Access Point with Ethernet.
...fw icmp 8
ACCEPT fw net icmp
ACCEPT net fw tcp 21,25,37,80,110,113,995,1024:3127,3129:65535
ACCEPT net fw udp 37,123,1024:65535
ACCEPT loc fw tcp 25,123,631
/etc/shorewall/shorewall.conf:
LOGFILE=/var/log/messages
LOGFORMAT="Shorewall:%s:%s:"
LOGTAGONLY=No
LOGRATE=
LOGBURST=
LOGALLNEW=
BLACKLIST_LOGLEVEL=
LOGNEWNOTSYN=info
MACLIST_LOG_LEVEL=info
TCP_FLAGS_LOG_LEVEL=info
RFC1918_LOG_LEVEL=info
SMURF_LOG_LEVEL=info
BOGON_LOG_LEVEL=info
LOG_MARTIANS=No
IPTABLES=
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=""
STATEDIR=/var/lib/shorewall...
2005 Apr 19
14
allow ssh access from net to fw?
...t fw
#REDIRECT net 22 tcp 22
#
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
SHOREWALL.CONF:
----------------------------------------------------------------------------
------------------
LOGFILE=/var/log/firewall
LOGFORMAT="Shorewall:%s:%s:"
LOGRATE=
LOGBURST=
BLACKLIST_LOGLEVEL=
LOGNEWNOTSYN=info
MACLIST_LOG_LEVEL=info
TCP_FLAGS_LOG_LEVEL=info
RFC1918_LOG_LEVEL=info
SMURF_LOG_LEVEL=info
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=/var/lock/subsys/shorewall
STATEDIR=/var/lib/shorewall
MODULESDIR=
CONFIG_PATH=/etc/sho...
2009 Jun 27
1
Transparent Proxy Problem with Squid3 and Shorewall
...IONS OPTIONS
fw firewall
net ipv4
loc ipv4
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
And finally shorewall.conf:
STARTUP_ENABLED=Yes
VERBOSITY=1
SHOREWALL_COMPILER=
LOGFILE=/var/log/messages
LOGFORMAT="Shorewall:%s:%s:"
LOGTAGONLY=No
LOGRATE=
LOGBURST=
LOGALLNEW=
BLACKLIST_LOGLEVEL=
MACLIST_LOG_LEVEL=info
TCP_FLAGS_LOG_LEVEL=info
RFC1918_LOG_LEVEL=info
SMURF_LOG_LEVEL=info
LOG_MARTIANS=No
IPTABLES=
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=""
MODULESDIR=
CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
RESTOR...
2013 Jun 13
3
"Multiple Internet Connections" with four interfaces
Hi,
I was reading document http://shorewall.net/MultiISP.html#idp3634200.
Inspired by the document I was trying to establish the following changes:
* one additional interface: COMA_IF
* COM[A,B,C]_IF interfaces request IP address via DHCP
* all non-RFC 1918 destined trafic is NATed from INT_IF to COMA_IF
* all non-RFC 1918 destined trafic from GW is routed via COMB_IF by default
* non-RFC 1918
2004 Oct 29
8
No entries in the syslog, even though the LOG chains show counts
...ndalone
machine on the internet, and its firewall is for its own services only.
My shorewall.conf, without comments, is as follows:
$ egrep -v ''^( *#)|^$'' shorewall.conf
LOGFILE=/var/log/messages
LOGFORMAT="Shorewall:%s:%s:"
LOGLIMIT=""
LOGBURST=""
BLACKLIST_LOGLEVEL=info
LOGNEWNOTSYN=info
MACLIST_LOG_LEVEL=info
TCP_FLAGS_LOG_LEVEL=info
RFC1918_LOG_LEVEL=info
SMURF_LOG_LEVEL=info
BOGON_LOG_LEVEL=info
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=""
STATEDIR=/var/lib/shorewall
MODULESDIR=
CONFIG_PA...
2013 Sep 10
6
lsm configuration issues...
.... if I do the lsm
check on w.x.y.z, should I put a ttl=2? and 1 if I check a.b.c.d?
Thx,
JD
----------------------------------------------------------------------
/etc/shorewall/shorewall.conf
----------------------------------------------------------------------
STARTUP_ENABLED=Yes
VERBOSITY=1
BLACKLIST_LOGLEVEL=
LOG_MARTIANS=Yes
LOG_VERBOSITY=2
LOGALLNEW=
LOGFILE=/var/log/messages
LOGFORMAT="Shorewall:%s:%s:"
LOGTAGONLY=No
LOGLIMIT=
MACLIST_LOG_LEVEL=info
RELATED_LOG_LEVEL=
SFILTER_LOG_LEVEL=info
SMURF_LOG_LEVEL=info
STARTUP_LOG=/var/log/shorewall-init.log
TCP_FLAGS_LOG_LEVEL=info
CONFIG_PATH=&q...
2005 Jan 08
8
Shorewall problem, perhaps with PPPoE
I have what strikes me as an odd problem with shorewall.
Let me describe my setup.
My desktop (alfred) is connected to the network
through an ADSL modem.
I am running rp-pppoe, and this works perfectly.
I have a small home network, with two LANs;
an Ethernet LAN (including a machine running Windows XP),
and a WiFi LAN, including the laptop (william) I am using now.
All the computers except for