Hello.

I run Shorewall 3.4.4 and use its Limit built-in macro to limit SSH connections. I use the following line in /etc/shorewall/rules:

    SSH/Limit:warning:SSHA,3,500 net $FW

This line logs only if the limit is reached.
I would like to log with INFO level in any case, and with WARNING level in case of limit reaching.

Please hint me.

--
Evgeniy

-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Don't miss this year's exciting event. There's still time to save $100.
Use priority code J8TL2D2.
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone

Евгений wrote:
>
> SSH/Limit:warning:SSHA,3,500 net $FW
>
> This line logs only if the limit is reached.
> I would like to log with INFO level in any case, and with WARNING level
> in case of limit reaching.
>
> Please hint me.
>

You will have to write your own version of 'Limit' that does what _you_ want it to do.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,         \ http://shorewall.net
Washington USA     \ teastep@shorewall.net
PGP Public Key     \ https://lists.shorewall.net/teastep.pgp.key

On Mon, 2008-04-21 at 07:01 -0700, Tom Eastep wrote:
> > SSH/Limit:warning:SSHA,3,500 net $FW
> >
> > This line logs only if the limit is reached.
> > I would like to log with INFO level in any case, and with WARNING level
> > in case of limit reaching.

What about adding a Logging rule before the Limit?

    LOG:info net fw tcp ssh

The existing Limit rule does the warning level logging already. The Logging rule will log all connections with level info in any case, just as you want. Note that this includes reaching the limit, if you have it before the Limit rule.

> You will have to write your own version of 'Limit' that does what _you_ want
> it to do.

Did I overlook something? ;)

  karsten

--
[ESR] Eric S. Raymond: "How To Ask Questions The Smart Way"
      http://www.catb.org/~esr/faqs/smart-questions.html
[SGT] Simon G. Tatham: "How to Report Bugs Effectively"
      http://www.chiark.greenend.org.uk/~sgtatham/bugs.html

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Karsten Bräckelmann wrote:
> On Mon, 2008-04-21 at 07:01 -0700, Tom Eastep wrote:
>
>>> SSH/Limit:warning:SSHA,3,500 net $FW
>>>
>>> This line logs only if the limit is reached.
>>> I would like to log with INFO level in any case, and with WARNING level
>>> in case of limit reaching.
>
> What about adding a Logging rule before the Limit?
>
> LOG:info net fw tcp ssh
>
> The existing Limit rule does the warning level logging already. The
> Logging rule will log all connections with level info in any case, just
> as you want. Note that this includes reaching the limit, if you have it
> before the Limit rule.
>
>
>> You will have to write your own version of 'Limit' that does what _you_ want
>> it to do.
>
> Did I overlook something? ;)

No -- I did. I thought the OP wanted one or the other log messages, but not both. Your approach is correct given that both messages are acceptable in an over-limit condition.

Thanks,
-Tom