search for: logallnew

hi, it''d be very useful to add some kind of "log everything" option to shorewall. currently the logging is useful if you know what you would like to log. but if you don''t know than it''s a problem... another problem that currently it''s not possible to log the nat table. at least i can''t find any way (can''t add logging into masq and

I am running version 3.0.7 of Shorewall on a Debian Sarge system, but when I start Shorewall I get this: /usr/share/shorewall/firewall: line 204: 4: command not found I looked there and found this: # Run ip and if an error occurs, stop the firewall and quit # run_ip() { if ! ip $@ ; then if [ -z "$STOPPING" ]; then error_message "ERROR: Command \"ip

Please, help me. Can i forbid and how any outgoing traffic (ping,trace) to rfc1918 networks on my external interfaces? Thank you very much. Aleksandr -------------------- Продукция AcmePower - это зарядные устройства, аккумуляторы формата АА и ААА, сетевые адаптеры, аккумуляторные батареи для фото и видеокамер, ноутбуков и PDA. Гарантия минского сервисного центра.

...ch rule within the invoked action behaves as if logging had been specified on it. 2. Support for the 2.6 Kernel''s native IPSEC implementation is now available. 3. Support for ipp2p is included. 4. Support for the iptables CONNMARK facility is now included in Shorewall. 5. A new LOGALLNEW option facilitates problem analysis. 6. Users with a large static blacklist can now defer loading the blacklist until after the rest of the ruleset has been enabled. Doing so can decrease substantially the amount of time that connections are disabled during shorewall [re]start. 7. Support for...

Good day, I have gone through a couple of the HOWTO''s on how to get this to work, but I am still sitting with a very strange (for me) issue. If two clients connect via OpenVPN (bridged), they can access each other without any problems, but neither of them can access the server, nor any system behind it. I am fairly sure it is a Shorewall issue, but I am very new to Shorewall, having

...cp 21,22,443 - routestopped: eth2 x.x.x.x eth2 y.y.y.y zones: fw firewall net ipv4 loc ipv4 shorewall.conf: (i think it''s default but not shure) STARTUP_ENABLED=Yes LOGFILE=/var/log/messages LOGFORMAT="Shorewall:%s:%s:" LOGTAGONLY=No LOGRATE= LOGBURST= LOGALLNEW= BLACKLIST_LOGLEVEL= MACLIST_LOG_LEVEL=info TCP_FLAGS_LOG_LEVEL=info RFC1918_LOG_LEVEL=info SMURF_LOG_LEVEL=info LOG_MARTIANS=No IPTABLES= PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin SHOREWALL_SHELL=/bin/sh SUBSYSLOCK="" MODULESDIR= CONFIG_PATH=/etc/shorewall:/usr/sh...

...ACCEPT net fw icmp 8 ACCEPT fw net icmp ACCEPT net fw tcp 21,25,37,80,110,113,995,1024:3127,3129:65535 ACCEPT net fw udp 37,123,1024:65535 ACCEPT loc fw tcp 25,123,631 /etc/shorewall/shorewall.conf: LOGFILE=/var/log/messages LOGFORMAT="Shorewall:%s:%s:" LOGTAGONLY=No LOGRATE= LOGBURST= LOGALLNEW= BLACKLIST_LOGLEVEL= LOGNEWNOTSYN=info MACLIST_LOG_LEVEL=info TCP_FLAGS_LOG_LEVEL=info RFC1918_LOG_LEVEL=info SMURF_LOG_LEVEL=info BOGON_LOG_LEVEL=info LOG_MARTIANS=No IPTABLES= PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin SHOREWALL_SHELL=/bin/sh SUBSYSLOCK="" STATEDI...

...# OPTIONS OPTIONS fw firewall net ipv4 loc ipv4 #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE And finally shorewall.conf: STARTUP_ENABLED=Yes VERBOSITY=1 SHOREWALL_COMPILER= LOGFILE=/var/log/messages LOGFORMAT="Shorewall:%s:%s:" LOGTAGONLY=No LOGRATE= LOGBURST= LOGALLNEW= BLACKLIST_LOGLEVEL= MACLIST_LOG_LEVEL=info TCP_FLAGS_LOG_LEVEL=info RFC1918_LOG_LEVEL=info SMURF_LOG_LEVEL=info LOG_MARTIANS=No IPTABLES= PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin SHOREWALL_SHELL=/bin/sh SUBSYSLOCK="" MODULESDIR= CONFIG_PATH=/etc/shorewall:/usr/sh...

Hi, I was reading document http://shorewall.net/MultiISP.html#idp3634200. Inspired by the document I was trying to establish the following changes: * one additional interface: COMA_IF * COM[A,B,C]_IF interfaces request IP address via DHCP * all non-RFC 1918 destined trafic is NATed from INT_IF to COMA_IF * all non-RFC 1918 destined trafic from GW is routed via COMB_IF by default * non-RFC 1918

...tl=2? and 1 if I check a.b.c.d? Thx, JD ---------------------------------------------------------------------- /etc/shorewall/shorewall.conf ---------------------------------------------------------------------- STARTUP_ENABLED=Yes VERBOSITY=1 BLACKLIST_LOGLEVEL= LOG_MARTIANS=Yes LOG_VERBOSITY=2 LOGALLNEW= LOGFILE=/var/log/messages LOGFORMAT="Shorewall:%s:%s:" LOGTAGONLY=No LOGLIMIT= MACLIST_LOG_LEVEL=info RELATED_LOG_LEVEL= SFILTER_LOG_LEVEL=info SMURF_LOG_LEVEL=info STARTUP_LOG=/var/log/shorewall-init.log TCP_FLAGS_LOG_LEVEL=info CONFIG_PATH="${CONFDIR}/shorewall:${SHAREDIR}/shorewa...

Hello all, Yesterday I noticed that my system was "leaking" traffic towards the 10/8 network, I have shorewall installed on multiple machines ranging from single interface devices to ones with 10+ interfaces. I tested all the boxes and they are showing the same behavior. All systems are CentOS 3.4, 2.4.21-27.0.2.ELsmp. Shorewall version: 2.2.1 For the host mentioned is a single

...R=/usr/share/shorewall + FUNCTIONS= + VERSION_FILE= + LOGFORMAT= + LOGRULENUMBERS= + ADMINISABSENTMINDED= + BLACKLISTNEWONLY= + MODULE_SUFFIX= + ACTIONS= + USEDACTIONS= + SMURF_LOG_LEVEL= + DISABLE_IPV6= + BRIDGING= + DYNAMIC_ZONES= + PKTTYPE= + RETAIN_ALIASES= + DELAYBLACKLISTLOAD= + LOGTAGONLY= + LOGALLNEW= + DROPINVALID= + RFC1918_STRICT= + MACLIST_TTL= + SAVE_IPSETS= + RESTOREFILE= + RESTOREBASE= + TMP_DIR= + CROSSBEAM= + CROSSBEAM_BACKBONE= + ALL_INTERFACES= + ROUTEMARK_INTERFACES= + ROUTEMARK=256 + PROVIDERS= + stopping= + have_mutex= + masq_seq=1 + nonat_seq=1 + aliases_to_add= + FUNCTIONS=/usr/...