Hi I am not a list member. I have a problem with V2.0.2f of Shorewall it appears to log all drops regardless of the rules. I have removed the logging from all rules including the last catch all rule and it is still logging every drop. I have just upgraded to this release from 2.0.2 and it was fine only logging what I asked it to. There have been no changes to tany rules appart from removing the logging since the upgrade. An example is I use DropSMB which should not log any of these ports but all appear in the log which makes for a lot of entries. Any one have an idea why it has started to do this? Thanks Colin -- Linux: Because rebooting is for adding hardware.
Colin Tinker wrote:> Hi > > I am not a list member. > > I have a problem with V2.0.2f of Shorewall it appears to log all drops > regardless of the rules. I have removed the logging from all rules > including the last catch all rule and it is still logging every drop. I > have just upgraded to this release from 2.0.2 and it was fine only logging > what I asked it to. There have been no changes to tany rules appart from > removing the logging since the upgrade. An example is I use DropSMB which > should not log any of these ports but all appear in the log which makes for > a lot of entries. Any one have an idea why it has started to do this?None. The only logging-related change between 2.0.2 and 2.0.2f *removes* logging rules. Please consult FAQ 17 to try to understand why the packets are being logged. If you can''t reach a resolution, then please forward the output of "shorewall status" as an attachment. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net
Hi Here is a sample of the logs. Jun 8 18:06:53 stargate kernel: Shorewall:rfc1918:DROP:IN=eth2 OUT= MAC=00:a0:c9:5a:de:4f:00:00:00:00:05:6e:08:00 SRC=81.86.167.219 DST=192.168.2.254 LEN=48 TOS=0x00 PREC=0x00 TTL=124 ID=32774 DF PROTO=TCP SPT=3416 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0 Jun 8 18:06:54 stargate kernel: Shorewall:rfc1918:DROP:IN=eth2 OUT= MAC=00:a0:c9:5a:de:4f:00:00:00:00:05:6e:08:00 SRC=81.61.96.9 DST=192.168.2.254 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=1881 DF PROTO=TCP SPT=3415 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0 Jun 8 18:06:55 stargate kernel: Shorewall:rfc1918:DROP:IN=eth2 OUT=eth0 SRC=68.82.225.217 DST=192.168.0.11 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=5509 DF PROTO=TCP SPT=3637 DPT=25 WINDOW=64240 RES=0x00 SYN URGP=0 Jun 8 18:06:56 stargate kernel: Shorewall:rfc1918:DROP:IN=eth2 OUT= MAC=00:a0:c9:5a:de:4f:00:00:00:00:05:6e:08:00 SRC=81.86.167.219 DST=192.168.2.254 LEN=48 TOS=0x00 PREC=0x00 TTL=124 ID=33744 DF PROTO=TCP SPT=3416 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0 Jun 8 18:06:57 stargate kernel: Shorewall:rfc1918:DROP:IN=eth2 OUT= MAC=00:a0:c9:5a:de:4f:00:00:00:00:05:6e:08:00 SRC=81.61.96.9 DST=192.168.2.254 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=2014 DF PROTO=TCP SPT=3415 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0 If you say no logging is enabled then I assume this should not be in the logs. I expect it to log the rfc1918 stuff as the actions file says to log it. I have never had a problem with shorewall before in over 2 years of using it but this one has me stumped. Colin On Tuesday 08 Jun 2004 17:53, you wrote:> Colin Tinker wrote: > > Hi > > > > They are in the messages log. > > Well, when you''re ready to share them with us then you get back to the > list. I can''t help you without seeing what log messages you are > complaining about. > > -Tom-- Linux: Because rebooting is for adding hardware.
Hi I have just seen what may be going on. I altered my rfc1918 file and put route back rules in. I forgot to add them again after updating the firewall. oops Thanks for the help and making me look a bit further t discover the problem. Colin Here is a sample of the logs. Jun 8 18:06:53 stargate kernel: Shorewall:rfc1918:DROP:IN=eth2 OUT= MAC=00:a0:c9:5a:de:4f:00:00:00:00:05:6e:08:00 SRC=81.86.167.219 DST=192.168.2.254 LEN=48 TOS=0x00 PREC=0x00 TTL=124 ID=32774 DF PROTO=TCP SPT=3416 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0 Jun 8 18:06:54 stargate kernel: Shorewall:rfc1918:DROP:IN=eth2 OUT= MAC=00:a0:c9:5a:de:4f:00:00:00:00:05:6e:08:00 SRC=81.61.96.9 DST=192.168.2.254 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=1881 DF PROTO=TCP SPT=3415 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0 Jun 8 18:06:55 stargate kernel: Shorewall:rfc1918:DROP:IN=eth2 OUT=eth0 SRC=68.82.225.217 DST=192.168.0.11 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=5509 DF PROTO=TCP SPT=3637 DPT=25 WINDOW=64240 RES=0x00 SYN URGP=0 Jun 8 18:06:56 stargate kernel: Shorewall:rfc1918:DROP:IN=eth2 OUT= MAC=00:a0:c9:5a:de:4f:00:00:00:00:05:6e:08:00 SRC=81.86.167.219 DST=192.168.2.254 LEN=48 TOS=0x00 PREC=0x00 TTL=124 ID=33744 DF PROTO=TCP SPT=3416 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0 Jun 8 18:06:57 stargate kernel: Shorewall:rfc1918:DROP:IN=eth2 OUT= MAC=00:a0:c9:5a:de:4f:00:00:00:00:05:6e:08:00 SRC=81.61.96.9 DST=192.168.2.254 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=2014 DF PROTO=TCP SPT=3415 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0 If you say no logging is enabled then I assume this should not be in the logs. I expect it to log the rfc1918 stuff as the actions file says to log it. I have never had a problem with shorewall before in over 2 years of using it but this one has me stumped. Colin On Tuesday 08 Jun 2004 17:53, you wrote:> Colin Tinker wrote: > > Hi > > > > They are in the messages log. > > Well, when you''re ready to share them with us then you get back to the > list. I can''t help you without seeing what log messages you are > complaining about. > > -Tom-- Linux: Because rebooting is for adding hardware.
Colin Tinker wrote:> Hi > > I have just seen what may be going on. I altered my rfc1918 file and put > route back rules in. I forgot to add them again after updating the > firewall. oops Thanks for the help and making me look a bit further t > discover the problem. >If you copy rfc1918 to /etc/shorewall and alter the copy, you won''t have that problem in the future. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net