search for: logdrop

Displaying 20 results from an estimated 24 matches for "logdrop".

2003 Aug 26
1
ADSL router, two nics, web server not visible from internet
...-- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain logdrop (30 references) pkts bytes target prot opt in out source destination 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:logdrop:DROP:' 0 0 DROP all -- * *...
2004 Apr 20
0
outdated bogons table in current Shorewall...
...2.0.1) -- Regards Thomas PS. please CC me as I''m not subscribed to the list -------------- next part -------------- --- usr/share/shorewall/bogons.old 2004-04-19 18:28:00.000000000 +0300 +++ usr/share/shorewall/bogons 2004-04-20 20:32:29.000000000 +0300 @@ -46,13 +46,18 @@ 49.0.0.0/8 logdrop # JTC - Returned to IANA Mar 98 50.0.0.0/8 logdrop # JTC - Returned to IANA Mar 98 58.0.0.0/7 logdrop # Reserved -70.0.0.0/7 logdrop # Reserved +71.0.0.0/8 logdrop # Reserved 72.0.0.0/5 logdrop # Reserved -85.0.0.0/8 logdrop # Reserved -86.0.0.0/7 logdrop # Reserved -88.0.0.0/5 l...
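Review bot: the unchanged context line `58.0.0.0/7 logdrop # Reserved` in this hunk keeps 58.0.0.0/8 and 59.0.0.0/8 on the bogon list, while the 2004 Nov 12 result further down this page reports that both /8s were allocated to APNIC as of April 2004, so that line should be dropped in the same update. The replacement of `70.0.0.0/7` with `71.0.0.0/8` also carries only the comment `# Reserved`; recording the source and date of the allocation data, as the neighbouring `Returned to IANA Mar 98` comments do, would make the next stale entry easier to spot.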
2005 Mar 04
9
strange behaviour with rulesets
...ile: ----------- ACCEPT net fw tcp 22 - TCPDUMP-log: ------------ 12:16:08.153934 84.153.98.30.1322 > [my-destination-machine].ssh: S 3717288415:3717288415(0) win 64240 <mss 1412,nop,nop,sackOK> (DF) [tos 0x10] SYSLOG-log: ----------- Mar 4 12:16:08 [kernel] Shorewall:logdrop:DROP:IN=ppp0 OUT= MAC= SRC=84.153.98.30 DST=[my-destination-machine] LEN=48 TOS=0x10 PREC=0x00 TTL=125 ID=59988 DF PROTO=TCP SPT=1322 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0 i can connect from another machine without any problems and the rule is not restrict the access to any machine. it seems tha...
2005 Mar 10
7
norfc1918 not working in SW 2.2.1?
...=========== [root@hn00dmz01 maint]# grep -v "^#" /etc/shorewall/custom/rfc1918 172.31.60.0/24 RETURN 172.20.173.0/24 RETURN 172.16.127.0/24 RETURN 192.168.175.0/24 RETURN 192.168.253.0/24 RETURN 192.168.254.252/30 RETURN 10.0.0.0/8 logdrop # RFC 1918 172.16.0.0/12 logdrop # RFC 1918 192.168.0.0/16 logdrop # RFC 1918 /etc/shorewall/shorewall.conf ======================================================= [root@hn00dmz01 maint]# grep -v -e "^#" -e "^$" /etc/shorewall/shorewa...
2009 Jan 24
4
No logging with chain logdrop and logreject
Hello: I just started using Shorewall this morning and must say that I'm very impressed. Much nicer than what I was using previously. I love the ability to type 'shorewall logdrop ww.xx.yy.zz' and completely block a particular IP address. However, the log part doesn't happen. When I look in the logdrop chain, there is no LOG prefix. I've looked through the FAQ, the manual pages and Googled. I can't seem to find anything that seems to e...
2003 Aug 31
4
linux-ha heartbeat .. failover firewall
I have searched your FAQ's and read the documentation on your site as well as googling. I am not able to figure this out. If you have any ideas can you please help. I am using the linux-ha failover with redundant firewalls. As part of the function of the linux-ha software consists a service called heartbeat which is a connection from each failover node through a serial cable or ethernet.
2003 Mar 25
7
DNAT not working after changing BIND to use views
...CCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:21 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain logdrop (30 references) pkts bytes target prot opt in out source destination 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 5 LOG flags 0 level 6 prefix `Shorewall:rfc1918:DROP:' 0 0 DROP...
2003 Mar 28
9
Squid
...-- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02 0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0 Chain logdrop (25 references) pkts bytes target prot opt in out source destination 0 0 LOG ah -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:rfc1918:DROP:' 0 0 DROP ah -- * *...
2006 Jul 21
4
OpenVZ and virtuel network
Hello All I installed shorewall 3.0.8 on Centos 4.3 with openvz.org kernel it work well i have in this Host 3 virtual servers (VPS) i can access from a VPS to the internet , and with NAt rule (Via Shorewall) i can access from Internet to the 3 VPS. i want that all the 3 VPS can communicate between them. i can't do a tcp connection from a VPS to an other , in my shorewall log in the
2003 Jan 03
6
RFC1918_LOG_LEVEL
I have tried (RH7.3/shorewall-1.3.12-1) both of the following in shorewall.conf to eliminate 'rfc1918' logging into /var/log/messages: RFC1918_LOG_LEVEL=debug RFC1918_LOG_LEVEL=notice Neither appear to eliminate the logging. Here's what the 'logdrop' chain shows: 1 229 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix \ `Shorewall:rfc1918:DROP:' Shouldn't the "level" be either a `7' or a '5' instead of `6'? (BTW, what is meant by a "higher sysl...
2004 Jul 26
3
Intermittently denying access to webshop
...em where some of our customers cannot access our webshop, but most of the customers can. I have been slowly eliminating possibilities and am now left with either the firewall (Shorewall 1.4) or the webshop server. What appears a lot in the logfiles is: Jul 26 11:51:04 gw kernel: Shorewall:logdrop:DROP:IN=eth0 OUT=eth1 SRC=84.128.198.240 DST=10.7.18.5 LEN=48 TOS=0x00 PREC=0x00 TTL=50 ID=4229 DF PROTO=TCP SPT=1888 DPT=80 WINDOW=32768 RES=0x00 SYN URGP=0 Can somebody explain why this packet is being dropped as the Source address is a "good" address and does not appear in the rfc191...
2003 Jul 04
2
Too many logs...
Hi to all, I'd like to cut some log in /var/log/messages, as of netbios and ping entries. There are some particular rules in shorewall 1.4.5? I've tried with "run_iptables -A common -p udp --sport 138 -mstate --state NEW -j DROP" but it continues to send to log every netbios attempt. Also I don't want to disable ping from loc to net, and from fw to net. Thanks
2009 Mar 13
0
Polices, Rules and Configurations - No Success (#/etc/shorewall/policy)
...t; > # /etc/shorewall/rfc1918 > ############################################################################### > #SUBNETS TARGET > 192.168.0.0/24 RETURN # ADM Network > 192.168.20.0/24 RETURN # TLM Network > 172.16.0.0/12 logdrop # RFC 1918 > 192.168.0.0/16 logdrop # RFC 1918 > 10.0.0.0/8 logdrop # RFC 1918 > > > What am I doing wrong? Someone can help me? > > > Best Regards, > Watanabe ----------------------------------------------------------...
2003 Nov 11
2
NEWBIE: DNAT Prob
...ith kernel 2.4.20-8, iptables v1.2.7a and shorewall version 1.4.6a Line in /etc/shorewall/rules... DNAT net loc:192.168.0.5 tcp 4662 but here's the bit in /var/log/messages that says its dropping packets.... Nov 11 01:11:49 potchin kernel: Shorewall:logdrop:DROP:IN=ppp0 OUT=eth0 SRC=201.128.9.30 DST=192.168.0.5 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=6299 DF PROTO=TCP SPT=3187 DPT=4662 WINDOW=16384 RES=0x00 SYN URGP=0 One thing I did think about was my external interface - its an ADSL connection with a dynamic IP that is occasionally dropped for IP rene...
2004 Nov 12
1
Shorewall's bogon file needs updating
As far as I can tell from <http://shorewall.net/errata.htm> the current shorewall bogons file is <http://shorewall.net/pub/shorewall/errata/2.0.8/bogons> which contains the line: 58.0.0.0/7 logdrop # Reserved This is incorrect. These two /8s were allocated to APNIC as of April 2004. See also <http://marc.theaimsgroup.com/?l=nanog&m=108319003517919&w=2> and the main Cymru bogon list at <http://www.cymru.com/Bogons/index.html>, particularly <http://www.cymru.com/Docum...
2005 Mar 01
11
Can't connect to Modem
Shorewall version 2.2.1 2 Interface setup. eth1: 10.10.1.3 eth0: 192.168.1.2 modem is 192.168.1.1 I need to be able to connect to my adsl modem, but when shorewall is up I get connection rejected. I have added "192.168.1.1 RETURN" above the line "192.168.0.0/16 logdrop # RFC 1918" in "/etc/shorewall/rfc1918" but still getting connection rejected Is there something else I need to change. _________________________________________________________________ Get an all-Ireland weather forecast at MSN Weather! http://www.msn.ie/weather
2005 Mar 12
1
Shorewall 2.2.2 (Corrected)
...;' processing to cease for a packet if the packet's source IP address matches the rule. Thus, if you have: SUBNETS TARGET 192.168.1.0/24 RETURN then traffic from 192.168.1.4 to 10.0.3.9 will be accepted even though you also have: SUBNETS TARGET 10.0.0.0/8 logdrop Setting RFC1918_STRICT=Yes in shorewall.conf will cause such traffic to be logged and dropped since while the packet's source matches the RETURN rule, the packet's destination matches the 'logdrop' rule. If not specified or specifi...
2003 Dec 03
0
New in CVS
...m 'reject' to 'DROP'. 2) For easier identification, packets logged under the 'norfc1918' interface option are now logged out of chains named 'rfc1918'. Previously, such packets were logged under chains named 'logdrop'. 3) Distributors and developers seem to be regularly inventing new naming conventions for kernel modules. To avoid the need to change Shorewall code for each new convention, the MODULE_SUFFIX option has been added to shorewall.conf. MODULE_SUFFIX may be set to the suffix for...
2002 Oct 18
1
[iptables] LOG & DROP simultaneously ?
is there a way to LOG & -j OTHER-TARGET packet with one rule, or i have to use two ? raptor _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
2003 Dec 08
0
Shorewall 1.4.9 Beta1
...m 'reject' to 'DROP'. 2) For easier identification, packets logged under the 'norfc1918' interface option are now logged out of chains named 'rfc1918'. Previously, such packets were logged under chains named 'logdrop'. 3) Distributors and developers seem to be regularly inventing new naming conventions for kernel modules. To avoid the need to change Shorewall code for each new convention, the MODULE_SUFFIX option has been added to shorewall.conf. MODULE_SUFFIX may be set to the suffix for...