Displaying 20 results from an estimated 23 matches for "logburst".
2006 Oct 23
3
command not found error
I am running version 3.0.7 of Shorewall on a Debian Sarge system, but when I
start Shorewall I get this:
/usr/share/shorewall/firewall: line 204: 4: command not found
I looked there and found this:
# Run ip and if an error occurs, stop the firewall and quit
#
run_ip() {
if ! ip $@ ; then
if [ -z "$STOPPING" ]; then
error_message "ERROR: Command \"ip
2010 Mar 19
6
noob question
...for Shorewall :)
I'm trying to get a simple config to work but I can't seem to work out how
to gain access via ssh to the protected remote machine. But that doesn't
surprise me really as I have just spent well over an hour to find how to
limit the lograte AND fill in the logburst in shorewall.conf.
I have specified a logfile (not messages) in shorewall.conf, but somehow it
isn't picked up when I try to debug restart shorewall.
Also I can't get ssh login when shorewall is running, although I have
specified in rules:
SSH/ACCEPT loc $FW...
2003 Aug 12
1
Shorewall Keeps sending false IP Address Conflict
...1 2 3 4 5 6 9
+ command=start
+ '[' 1 -ne 1 ']'
+ do_initialize
+ export LC_ALL=C
+ LC_ALL=C
+ PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
+ terminator=startup_error
+ version=
+ FW=
+ SUBSYSLOCK=
+ STATEDIR=
+ ALLOWRELATED=Yes
+ LOGRATE=
+ LOGBURST=
+ LOGPARMS=
+ ADD_IP_ALIASES=
+ ADD_SNAT_ALIASES=
+ TC_ENABLED=
+ LOGUNCLEAN=
+ BLACKLIST_DISPOSITION=
+ BLACKLIST_LOGLEVEL=
+ CLAMPMSS=
+ ROUTE_FILTER=
+ NAT_BEFORE_RULES=
+ DETECT_DNAT_IPADDRS=
+ MUTEX_TIMEOUT=
+ NEWNOTSYN=
+ LOGNEWNOTSYN=
+ FORWARDPING=
+ MACLIST_DISPOSITION=
+ MACLIST_LOG_LEVE...
2004 Aug 31
1
How to limit zone net's logs
Hi, which is the better way to limit the logs of a single zone (e.g.
limit log of net)?
policy:net all DROP info 10/sec:40
Is this a good solution?
Many thanks
--
Dario Lesca <d.lesca@solinos.it>
2004 Aug 03
1
Dropped/Corrupted Log Entries?
...e number of accepted connections logged and
the total number of Netfilter rules on the system (more rules, fewer
connections logged), but this has not been extensively tested. We do the
scan from a host on "loc" to a host on "net".
The shorewall.conf file has:
LOGRATE=
LOGBURST=
The rules file has:
ACCEPT net $FW tcp ssh -
ACCEPT:info dmz net tcp
telnet,ftp,http,https,smtp -
ACCEPT:info dmz net tcp domain,pop3,imap -
ACCEPT dmz net...
2004 Dec 03
8
Old, slow firewall users please speak up!
Ok, I've flogged this issue probably longer than some of you can stand
by now. (remember, I'm the nut trying to use a PPro200 to support ~500
users on a 10Mb internet link :o)
To appease those who think I'm nuts, I am ordering a new firewall
shortly to allow for future growth. (probably a Dell PE750 with P4/2.8
and dual GE nics.)
However, since I have yet to prove
2002 May 14
4
Redirect loc::80 to fw::3128 not work
...ssh,auth
ACCEPT $FW net udp ntp
#[/etc/shorewall/shorewall.conf]--------------------------------------------
---
FW=fw
SUBSYSLOCK=/var/lock/subsys/shorewall
STATEDIR=/var/lib/shorewall
ALLOWRELATED="yes"
MODULESDIR=""
LOGRATE="1/minute"
LOGBURST="5"
LOGUNCLEAN=info
LOGFILE="/var/log/messages"
NAT_ENABLED="Yes"
MANGLE_ENABLED="Yes"
IP_FORWARDING="On"
ADD_IP_ALIASES="Yes"
ADD_SNAT_ALIASES="No"
TC_ENABLED="No"
BLACKLIST_DISPOSITION=DROP
BLACKLIST_LOGLEVEL=
CLAMPMS...
2005 Mar 10
7
norfc1918 not working in SW 2.2.1?
.../16 logdrop # RFC 1918
/etc/shorewall/shorewall.conf
=======================================================
[root@hn00dmz01 maint]# grep -v -e "^#" -e "^$"
/etc/shorewall/shorewall.conf
LOGFILE=/var/log/messages
LOGFORMAT="Shorewall:%s:%s:"
LOGRATE=
LOGBURST=
BLACKLIST_LOGLEVEL=
LOGNEWNOTSYN=info
MACLIST_LOG_LEVEL=info
TCP_FLAGS_LOG_LEVEL=info
RFC1918_LOG_LEVEL=info
SMURF_LOG_LEVEL=info
BOGON_LOG_LEVEL=info
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=/var/lock/subsys/shorewall
STATEDIR=/var/lib/s...
2002 May 14
3
[Shorewall-users] Redirect loc::80 to fw::3128 not work (fwd)
...ssh,auth
ACCEPT $FW net udp ntp
#[/etc/shorewall/shorewall.conf]--------------------------------------------
---
FW=fw
SUBSYSLOCK=/var/lock/subsys/shorewall
STATEDIR=/var/lib/shorewall
ALLOWRELATED="yes"
MODULESDIR=""
LOGRATE="1/minute"
LOGBURST="5"
LOGUNCLEAN=info
LOGFILE="/var/log/messages"
NAT_ENABLED="Yes"
MANGLE_ENABLED="Yes"
IP_FORWARDING="On"
ADD_IP_ALIASES="Yes"
ADD_SNAT_ALIASES="No"
TC_ENABLED="No"
BLACKLIST_DISPOSITION=DROP
BLACKLIST_LOGLEVEL=
CLAMPMS...
2006 Aug 29
3
masq problem
...fw tcp 21,22,443 -
routestopped:
eth2 x.x.x.x
eth2 y.y.y.y
zones:
fw firewall
net ipv4
loc ipv4
shorewall.conf: (I think it's default but not sure)
STARTUP_ENABLED=Yes
LOGFILE=/var/log/messages
LOGFORMAT="Shorewall:%s:%s:"
LOGTAGONLY=No
LOGRATE=
LOGBURST=
LOGALLNEW=
BLACKLIST_LOGLEVEL=
MACLIST_LOG_LEVEL=info
TCP_FLAGS_LOG_LEVEL=info
RFC1918_LOG_LEVEL=info
SMURF_LOG_LEVEL=info
LOG_MARTIANS=No
IPTABLES=
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=""
MODULESDIR=
CONFIG_PATH=/etc/shorew...
2007 Nov 10
2
Access Point with Ethernet.
...ll/rules:
ACCEPT net fw icmp 8
ACCEPT fw net icmp
ACCEPT net fw tcp 21,25,37,80,110,113,995,1024:3127,3129:65535
ACCEPT net fw udp 37,123,1024:65535
ACCEPT loc fw tcp 25,123,631
/etc/shorewall/shorewall.conf:
LOGFILE=/var/log/messages
LOGFORMAT="Shorewall:%s:%s:"
LOGTAGONLY=No
LOGRATE=
LOGBURST=
LOGALLNEW=
BLACKLIST_LOGLEVEL=
LOGNEWNOTSYN=info
MACLIST_LOG_LEVEL=info
TCP_FLAGS_LOG_LEVEL=info
RFC1918_LOG_LEVEL=info
SMURF_LOG_LEVEL=info
BOGON_LOG_LEVEL=info
LOG_MARTIANS=No
IPTABLES=
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK="&qu...
2005 Apr 19
14
allow ssh access from net to fw?
...IMAP net fw
#REDIRECT net 22 tcp 22
#
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
SHOREWALL.CONF:
----------------------------------------------------------------------------
------------------
LOGFILE=/var/log/firewall
LOGFORMAT="Shorewall:%s:%s:"
LOGRATE=
LOGBURST=
BLACKLIST_LOGLEVEL=
LOGNEWNOTSYN=info
MACLIST_LOG_LEVEL=info
TCP_FLAGS_LOG_LEVEL=info
RFC1918_LOG_LEVEL=info
SMURF_LOG_LEVEL=info
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=/var/lock/subsys/shorewall
STATEDIR=/var/lib/shorewall
MODULESDIR=...
2009 Jun 27
1
Transparent Proxy Problem with Squid3 and Shorewall
...VE
zone:
# OPTIONS OPTIONS
fw firewall
net ipv4
loc ipv4
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
And finally shorewall.conf:
STARTUP_ENABLED=Yes
VERBOSITY=1
SHOREWALL_COMPILER=
LOGFILE=/var/log/messages
LOGFORMAT="Shorewall:%s:%s:"
LOGTAGONLY=No
LOGRATE=
LOGBURST=
LOGALLNEW=
BLACKLIST_LOGLEVEL=
MACLIST_LOG_LEVEL=info
TCP_FLAGS_LOG_LEVEL=info
RFC1918_LOG_LEVEL=info
SMURF_LOG_LEVEL=info
LOG_MARTIANS=No
IPTABLES=
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=""
MODULESDIR=
CONFIG_PATH=/etc/shorew...
2003 Aug 22
0
Snapshot 20030821
...ewall script has been modified to eliminate the error
messages.
5) Interface-specific dynamic blacklisting chains are now displayed by
"shorewall monitor" on the "Dynamic Chains" page (previously named
"Dynamic Chain").
6) Thanks to Henry Yang, LOGRATE and LOGBURST now work again.
Migration Issues:
1) Once you have installed this version of Shorewall, you must
restart Shorewall before you may use the 'drop', 'reject', 'allow'
or 'save' commands.
2) To maintain strict compatibili...
2003 Oct 06
2
Shorewall 1.4.7
...ewall script has been modified to eliminate the error
messages.
5) Interface-specific dynamic blacklisting chains are now displayed by
"shorewall monitor" on the "Dynamic Chains" page (previously named
"Dynamic Chain").
6) Thanks to Henry Yang, LOGRATE and LOGBURST now work again.
7) The 'shorewall reject' and 'shorewall drop' commands now delete any
existing rules for the subject IP address before adding a new DROP
or REJECT rule. Previously, there could be many rules for the same
IP address in the dynamic chain...
2003 Aug 25
5
Shorewall 1.4.7 Beta 1
...ewall script has been modified to eliminate the error
messages.
5) Interface-specific dynamic blacklisting chains are now displayed by
"shorewall monitor" on the "Dynamic Chains" page (previously named
"Dynamic Chain").
6) Thanks to Henry Yang, LOGRATE and LOGBURST now work again.
7) The 'shorewall reject' and 'shorewall drop' commands now delete any
existing rules for the subject IP address before adding a new DROP
or REJECT rule. Previously, there could be many rules for the same
IP address in the dynamic chain...
2004 Oct 29
8
No entries in the syslog, even though the LOG chains show counts
...ver is basically a standalone
machine on the internet, and its firewall is for its own services only.
My shorewall.conf, without comments, is as follows:
$ egrep -v '^( *#)|^$' shorewall.conf
LOGFILE=/var/log/messages
LOGFORMAT="Shorewall:%s:%s:"
LOGLIMIT=""
LOGBURST=""
BLACKLIST_LOGLEVEL=info
LOGNEWNOTSYN=info
MACLIST_LOG_LEVEL=info
TCP_FLAGS_LOG_LEVEL=info
RFC1918_LOG_LEVEL=info
SMURF_LOG_LEVEL=info
BOGON_LOG_LEVEL=info
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=""
STATEDIR=/var/lib...
2004 Sep 15
15
re: start error
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The original post was over 300,000kb so I didn't spam the list with it -TE.
|
|
| Thank you for your quick and helpful response.
|
| I didn't understand that the virtual interface eth0:1 doesn't count as
a separate instance from eth0.
| I am sorry to ask for further assistance and would appreciate any
help. The error
2005 Jan 08
8
Shorewall problem, perhaps with PPPoE
I have what strikes me as an odd problem with shorewall.
Let me describe my setup.
My desktop (alfred) is connected to the network
through an ADSL modem.
I am running rp-pppoe, and this works perfectly.
I have a small home network, with two LANs;
an Ethernet LAN (including a machine running Windows XP),
and a WiFi LAN, including the laptop (william) I am using now.
All the computers except for
2004 Dec 04
7
vpn-zone wide open
...the vpn-gateway,part2:
1 ipsec0 172.21.0.0/16 all
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
------------------------------------------------------
* /etc/shorwall/shorewall.conf
LOGFILE=/var/log/messages
LOGFORMAT="Shorewall:%s:%s:"
LOGRATE=
LOGBURST=
BLACKLIST_LOGLEVEL=
LOGNEWNOTSYN=info
MACLIST_LOG_LEVEL=info
TCP_FLAGS_LOG_LEVEL=info
RFC1918_LOG_LEVEL=info
SMURF_LOG_LEVEL=info
BOGON_LOG_LEVEL=info
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=/var/lock/subsys/shorewall
STATEDIR=/var/lib/s...