Hi....

I'm using shorewall from the debian etch package. I would like to add one rule from an action, but it does not work.

wg:~# shorewall version
3.2.6

wg:~# dpkg -l | grep shorewall
ii  shorewall  3.2.6-2  Shoreline Firewall (Shorewall), a high-level

wg:~# cat /etc/shorewall/shorewall.conf | grep CONFIG_PATH
CONFIG_PATH=/etc/shorewall:/usr/share/shorewall

wg:~# vi /etc/shorewall/actions
icmpok

wg:~# vi /etc/shorewall/action.icmpok

######################################################################################
#TARGET  SOURCE  DEST  PROTO  DEST  SOURCE   RATE   USER/
#                             PORT  PORT(S)  LIMIT  GROUP
ACCEPT   loc     $FW   icmp
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

wg:~# shorewall clear && shorewall start

When I ping the server from my network, it says:

omh@nostromo:~$ ping 192.168.1.1 -c 2
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
From 192.168.1.1 icmp_seq=1 Destination Host Unreachable
From 192.168.1.1 icmp_seq=2 Destination Host Unreachable

--- 192.168.1.1 ping statistics ---
2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 1002ms

The rule doesn't work. What is the error?

Thanks in advance

--
ilimit...
*Oscar Mas* omas@in.ilimit.es
SYSTEMS AREA
0034 937 333 375
VOLTA 1, PIS 5
08224 TERRASSA.BCN

This message is confidential and is intended solely for the person to whom it was sent. It may contain private information subject to professional secrecy, the distribution of which is prohibited by current legislation.

-------------------------------------------------------------------------
SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source.
http://sourceforge.net/services/buy/index.php

Oscar Mas wrote:
> Hi....
>
> I'm using shorewall from the debian etch package. I would like to add one rule from an
> action, but it does not work.
>
> wg:~# shorewall version
> 3.2.6
>
> wg:~# dpkg -l | grep shorewall
> ii  shorewall  3.2.6-2  Shoreline Firewall (Shorewall), a high-level
>
> wg:~# cat /etc/shorewall/shorewall.conf | grep CONFIG_PATH
> CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
>
> wg:~# vi /etc/shorewall/actions
> icmpok
>
> wg:~# vi /etc/shorewall/action.icmpok
>
> ######################################################################################
> #TARGET  SOURCE  DEST  PROTO  DEST  SOURCE   RATE   USER/
> #                             PORT  PORT(S)  LIMIT  GROUP
> ACCEPT   loc     $FW   icmp
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
>
> wg:~# shorewall clear && shorewall start
>
> When I ping the server from my network, it says:
>
> omh@nostromo:~$ ping 192.168.1.1 -c 2
> PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
> From 192.168.1.1 icmp_seq=1 Destination Host Unreachable
> From 192.168.1.1 icmp_seq=2 Destination Host Unreachable
>
> --- 192.168.1.1 ping statistics ---
> 2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 1002ms
>
> The rule doesn't work. What is the error?

You haven't invoked the action in your rules file.

-Tom
--
Tom Eastep      \ Nothing is foolproof to a sufficiently talented fool
Shoreline,      \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key  \ https://lists.shorewall.net/teastep.pgp.key

Tom Eastep wrote:
> Oscar Mas wrote:
>
>> Hi....
>>
>> I'm using shorewall from the debian etch package. I would like to add one rule from an
>> action, but it does not work.
>>
>> wg:~# shorewall version
>> 3.2.6
>>
>> wg:~# dpkg -l | grep shorewall
>> ii  shorewall  3.2.6-2  Shoreline Firewall (Shorewall), a high-level
>>
>> wg:~# cat /etc/shorewall/shorewall.conf | grep CONFIG_PATH
>> CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
>>
>> wg:~# vi /etc/shorewall/actions
>> icmpok
>>
>> wg:~# vi /etc/shorewall/action.icmpok
>>
>> ######################################################################################
>> #TARGET  SOURCE  DEST  PROTO  DEST  SOURCE   RATE   USER/
>> #                             PORT  PORT(S)  LIMIT  GROUP
>> ACCEPT   loc     $FW   icmp
>> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
>>
>> wg:~# shorewall clear && shorewall start
>>
>> When I ping the server from my network, it says:
>>
>> omh@nostromo:~$ ping 192.168.1.1 -c 2
>> PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
>> From 192.168.1.1 icmp_seq=1 Destination Host Unreachable
>> From 192.168.1.1 icmp_seq=2 Destination Host Unreachable
>>
>> --- 192.168.1.1 ping statistics ---
>> 2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 1002ms
>>
>> The rule doesn't work. What is the error?
>>
>
> You haven't invoked the action in your rules file.
>
> -Tom
>

Oops... sorry... this is the problem, but when I add the rule, shorewall crashes:

wg:~# vi /etc/shorewall/rules
......
ACCEPT loc $FW tcp 8500 # GoldFusion
ACCEPT loc $FW udp 1194 # OpenVPN
icmpok:debug - - -
.....

Is this correct?

Thanks in advance.

--
ilimit...
*Oscar Mas* omas@in.ilimit.es
SYSTEMS AREA
0034 937 333 375
VOLTA 1, PIS 5
08224 TERRASSA.BCN

Oscar Mas wrote:
> Tom Eastep wrote:
>> Oscar Mas wrote:
>>
>>> Hi....
>>>
>>> I'm using shorewall from the debian etch package. I would like to add one rule from an
>>> action, but it does not work.
>>>
>>> wg:~# shorewall version
>>> 3.2.6
>>>
>>> wg:~# dpkg -l | grep shorewall
>>> ii  shorewall  3.2.6-2  Shoreline Firewall (Shorewall), a high-level
>>>
>>> wg:~# cat /etc/shorewall/shorewall.conf | grep CONFIG_PATH
>>> CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
>>>
>>> wg:~# vi /etc/shorewall/actions
>>> icmpok
>>>
>>> wg:~# vi /etc/shorewall/action.icmpok
>>>
>>> ######################################################################################
>>> #TARGET  SOURCE  DEST  PROTO  DEST  SOURCE   RATE   USER/
>>> #                             PORT  PORT(S)  LIMIT  GROUP
>>> ACCEPT   loc     $FW   icmp
>>> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
>>>
>>> wg:~# shorewall clear && shorewall start
>>>
>>> When I ping the server from my network, it says:
>>>
>>> omh@nostromo:~$ ping 192.168.1.1 -c 2
>>> PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
>>> From 192.168.1.1 icmp_seq=1 Destination Host Unreachable
>>> From 192.168.1.1 icmp_seq=2 Destination Host Unreachable
>>>
>>> --- 192.168.1.1 ping statistics ---
>>> 2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 1002ms
>>>
>>> The rule doesn't work. What is the error?
>>>
>>
>> You haven't invoked the action in your rules file.
>>
>> -Tom
>>
> Oops... sorry... this is the problem, but when I add the rule,
> shorewall crashes:
>
> wg:~# vi /etc/shorewall/rules
> ......
> ACCEPT loc $FW tcp 8500 # GoldFusion
> ACCEPT loc $FW udp 1194 # OpenVPN
> icmpok:debug - - -
> .....
>
> Is this correct?
>

Actually, your action is incorrect. You cannot place the name of a zone in either the SOURCE or DEST in an action body.

-Tom
--
Tom Eastep      \ Nothing is foolproof to a sufficiently talented fool
Shoreline,      \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key  \ https://lists.shorewall.net/teastep.pgp.key
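
Added example, not part of the thread and not Shorewall's own code: a small shell check that reports zone names in the SOURCE or DEST column of an action body, the mistake Tom points out in the last reply. It assumes the zones file lists zone names in its first column; the function names, the sample files and the zone-free body are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag zone names in SOURCE/DEST of a Shorewall action body.

# zones_in_action ZONES_FILE ACTION_FILE
# Prints one line per offending column; returns 1 if any were found.
zones_in_action() {
    awk -v zf="$1" '
        function check(col, val,   p) {
            if (val == "" || val == "-") return
            split(val, p, ":")                 # zone:host -> zone
            if (p[1] == "$FW" || (p[1] in zones)) {
                printf "line %d: %s \"%s\" is a zone\n", NR, col, val
                bad = 1
            }
        }
        BEGIN {                                # load zone names (column 1)
            while ((getline l < zf) > 0) {
                if (l ~ /^[ \t]*(#|$)/) continue
                split(l, f, " "); split(f[1], z, ":"); zones[z[1]] = 1
            }
        }
        /^[ \t]*(#|$)/ { next }                # skip comments and blank lines
        { check("SOURCE", $2); check("DEST", $3) }
        END { exit bad + 0 }
    ' "$2"
}

# make_samples DIR: write constructed sample files for the demo.
make_samples() {
    printf '%s\n' '#ZONE TYPE' 'fw firewall' 'net ipv4' 'loc ipv4' > "$1/zones"
    # Action body as posted in the thread (zone names in SOURCE and DEST).
    printf '%s\n' '#TARGET SOURCE DEST PROTO' 'ACCEPT loc $FW icmp' \
        > "$1/action.icmpok"
    # Zone-free body (constructed); the zones are then named on the line
    # that invokes the action in the rules file: icmpok:debug loc $FW
    printf '%s\n' '#TARGET SOURCE DEST PROTO' 'ACCEPT - - icmp' \
        > "$1/action.fixed"
}

tmp=$(mktemp -d)
make_samples "$tmp"
zones_in_action "$tmp/zones" "$tmp/action.icmpok" || true
zones_in_action "$tmp/zones" "$tmp/action.fixed" && echo "action.fixed: clean"
rm -rf "$tmp"
```

Run against the real files, the same call would be `zones_in_action /etc/shorewall/zones /etc/shorewall/action.icmpok` before `shorewall start`.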