Displaying 9 results from an estimated 9 matches for "log_rule_limit".

2004 Feb 10
22
Re: [Shorewall-newbies] specific log-prefix ... patch
Let's move this to the Shorewall Development list.... On Tuesday 10 February 2004 03:14 pm, xavier wrote: > here is a patch to allow this : > |ACCEPT<10/sec:20>:debug fw lan:$ntp_servers udp 123 - - - - ntp > > a problem with the patch is that now the logprefix is mandatory. > i'm trying to debug it, but i can't find the flaw. Also, with
2004 Jul 15
3
slight simplification to firewall log_rule_limit code
I think you can change the existing firewall logging code for log_rule_limit (where you have one case for LOGRULENUMBERS and another almost identical case without) down to this slightly shorter version with no duplication (excerpt): if [ -n "$LOGRULENUMBERS" ]; then eval rulenum=\$${chain}_logrules [ -z "$rulenum" ] && ru...
2005 Mar 01
1
Logging patch
Hi, I've attached a patch which fixes a logging problem with log_rule_limit in custom actions. E.g. this action: ,----[ Whitelist ] | if [ -n "$LEVEL" ]; then | run_iptables -N ${CHAIN}Add | log_rule_limit $LEVEL ${CHAIN}Add WhitelistAdd DROP "$LOG_LIMIT" $TAG | run_iptables -A ${CHAIN}Add -j DROP | run_iptables -N ${CHAIN}Del | lo...
2005 May 12
12
New Article at Shorewall.net
This article describes how to implement "Port Knocking" in Shorewall. http://shorewall.net/PortKnocking.html -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
2008 Jun 18
8
Expanding SSHKnock shell script, a few questions please
...figured out, but since it's a live firewall, I don't want to start mucking with it (and no I'm not really using port 1600 for the knock, I did change it!). I think this is what I need, did I get it right? /etc/shorewall/SSHKnock if [ -n "$LEVEL" ]; then log_rule_limit $LEVEL $CHAIN SSHKnock ACCEPT "" "$TAG" -A -p tcp --dport 22 -m recent --rcheck --name SSH log_rule_limit $LEVEL $CHAIN SSHKnock ACCEPT "" "$TAG" -A -p tcp --dport 2222 -m recent --rcheck --name SSH log_rule_limit $LEVEL $CHAIN SSHKnock DROP "...
2003 Oct 08
2
Problem with /bin/ash
...yn + find_file newnotsyn + [ -n -a -f /newnotsyn ] + echo /etc/shorewall/newnotsyn + local user_exit=/etc/shorewall/newnotsyn + [ -f /etc/shorewall/newnotsyn ] + [ -n info ] + log_rule info newnotsyn DROP + local level=info + local chain=newnotsyn + local disposition=DROP + shift + shift + shift + log_rule_limit info newnotsyn DROP --match limit --limit 1/second \ --limit-burst 60 + local level=info + local chain=newnotsyn + local disposition=DROP + local rulenum= + local limit=--match limit --limit 1/second --limit-burst 60 local: --limit: bad variable name + shift + shift + shift + shift + [ -n ] + eval...
2005 Feb 23
9
shorewall friendly way of limiting ssh brute force attacks?
I was wondering if anyone had implemented rules like this in shorewall: http://blog.andrew.net.au/tech I see tons of brute force attempts on the machines I administer, and I like the idea of limiting them without the need for extra daemons scanning for attacks. Thanks, Dale -- Dale E. Martin - dale@the-martins.org http://the-martins.org/~dmartin
2013 Aug 31
23
ERROR: Log level INFO requires LOG Target in your kernel and iptables
Hi, I have 2 Debian testing boxes running a very similar setup (both running the latest aptosid kernel); on one of them, since the iptables/libxtables10 packages have been upgraded from 1.4.19.1-1 to 1.4.20-2, shorewall-init can't start shorewall anymore and for this reason ifupdown also fails triggering firewall up. Shorewall can be successfully started later on, and ifupdown starts
2005 Feb 01
4
Shorewall problem
I am getting the following message when Shorewall stops can anybody shed any light on this message and where I should be looking? Thanks root@bobshost:~# shorewall stop Loading /usr/share/shorewall/functions... Processing /etc/shorewall/params ... Processing /etc/shorewall/shorewall.conf... Loading Modules... Stopping Shorewall...Processing /etc/shorewall/stop ... IP Forwarding Enabled