Hi,

My Shorewall was working fine without any problems. I was managing it through the webmin module.
I was not receiving any unwanted logs.
Then I just wanted to see the logging feature and enabled some logs from the webmin shorewall module. (debug level)
Now I am receiving a lot of logs all in kern.log, debug and syslog files.
Also my "dmesg" output is full of shorewall logs.

I want to get rid of them. How can I disable all logging facilities of Shorewall?

Btw, I disabled what I activated from the webmin module and now it is disabled on the GUI.

I need urgent help.

Thanks...

-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Don't miss this year's exciting event. There's still time to save $100.
Use priority code J8TL2D2.
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
Mekabe Ramein wrote:
> Hi,
>
> My Shorewall was working fine without any problems. I was managing it
> through the webmin module.
> I was not receiving any unwanted logs.
> Then I just wanted to see the logging feature and enabled some logs from the
> webmin shorewall module. (debug level)
> Now I am receiving a lot of logs all in kern.log, debug and syslog files.
> Also my "dmesg" output is full of shorewall logs.
>
> I want to get rid of them. How can I disable all logging facility of
> Shorewall ?
>
> Btw, I disable what I activated from the webmin module and now it is
> disabled on the GUI.

Which part did you enable logging on? If the policies or the rules file, use the appropriate webmin button to edit the config file manually. In the policies file the log level is the 4th field. Delete it on each non-comment line where it occurs. In the rules file it is after the action, preceded by a colon, e.g. REJECT:debug. Delete the colon and the log level.

Paul
I had enabled it on policies and I've checked the policies file but there is no "log" or "LOG" in it.
Also in the rules file there is no "log" or "LOG".

Here are the files that include "log" or "LOG":

router:~# grep log /etc/shorewall/*
/etc/shorewall/shorewall.conf:LOGFILE=/var/log/shorewall
/etc/shorewall/start:run_iptables -I INPUT -i br0 -j LOG --log-prefix BANDWIDTH_IN: --log-level debug
/etc/shorewall/start:run_iptables -I FORWARD -i br0 -j LOG --log-prefix BANDWIDTH_IN: --log-level debug
/etc/shorewall/start:run_iptables -I FORWARD -o br0 -j LOG --log-prefix BANDWIDTH_OUT: --log-level debug
/etc/shorewall/start:run_iptables -I OUTPUT -o br0 -j LOG --log-prefix BANDWIDTH_OUT: --log-level debug

router:~# grep LOG /etc/shorewall/*
/etc/shorewall/shorewall.conf:LOGFILE=/var/log/shorewall
/etc/shorewall/shorewall.conf:LOGFORMAT="Shorewall:%s:%s:"
/etc/shorewall/shorewall.conf:LOGTAGONLY=No
/etc/shorewall/shorewall.conf:LOGRATE=
/etc/shorewall/shorewall.conf:LOGBURST=
/etc/shorewall/shorewall.conf:LOGALLNEW=
/etc/shorewall/shorewall.conf:BLACKLIST_LOGLEVEL=
/etc/shorewall/shorewall.conf:MACLIST_LOG_LEVEL=$LOG
/etc/shorewall/shorewall.conf:TCP_FLAGS_LOG_LEVEL=$LOG
/etc/shorewall/shorewall.conf:RFC1918_LOG_LEVEL=$LOG
/etc/shorewall/shorewall.conf:SMURF_LOG_LEVEL=$LOG
/etc/shorewall/shorewall.conf:LOG_MARTIANS=No
/etc/shorewall/start:run_iptables -I INPUT -i br0 -j LOG --log-prefix BANDWIDTH_IN: --log-level debug
/etc/shorewall/start:run_iptables -I FORWARD -i br0 -j LOG --log-prefix BANDWIDTH_IN: --log-level debug
/etc/shorewall/start:run_iptables -I FORWARD -o br0 -j LOG --log-prefix BANDWIDTH_OUT: --log-level debug
/etc/shorewall/start:run_iptables -I OUTPUT -o br0 -j LOG --log-prefix BANDWIDTH_OUT: --log-level debug

On 5/4/08, Paul Gear <paul@gear.dyndns.org> wrote:
> Mekabe Ramein wrote:
> > Hi,
> >
> > My Shorewall was working fine without any problems. I was managing it
> > through the webmin module.
> > I was not receiving any unwanted logs.
> > Then I just wanted to see the logging feature and enabled some logs from
> > the webmin shorewall module. (debug level)
> > Now I am receiving a lot of logs all in kern.log, debug and syslog
> > files.
> > Also my "dmesg" output is full of shorewall logs.
> >
> > I want to get rid of them. How can I disable all logging facility of
> > Shorewall ?
> >
> > Btw, I disable what I activated from the webmin module and now it is
> > disabled on the GUI.
>
> Which part did you enable logging on? If the policies or the rules
> file, use the appropriate webmin button to edit the config file
> manually. In the policies file the log level is the 4th field. Delete
> it on each non-comment line where it occurs. In the rules file it is
> after the action preceded by a colon, e.g. REJECT:debug. Delete the
> colon and the log level.
>
> Paul
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
Mekabe Ramein wrote:
> I had enabled it on policies and I've checked the policies file but
> there is no "log" or "LOG" in it.
> Also in the rules file there is no "log" or "LOG"

I suggest you re-read the previous message - you are NOT looking for 'log' in any file. You might try "grep -i debug /etc/shorewall/*", and as well as debug you might look for the other levels, which are: info, notice, warning, err, crit, alert, and emerg.

>> Which part did you enable logging on? If the policies or the rules
>> file, use the appropriate webmin button to edit the config file
>> manually. In the policies file the log level is the 4th field. Delete
>> it on each non-comment line where it occurs. In the rules file it is
>> after the action preceded by a colon, e.g. REJECT:debug. Delete the
>> colon and the log level.

You might also check in shorewall.conf and check the setting for VERBOSITY, BLACKLIST_LOGLEVEL, MACLIST_LOG_LEVEL, TCP_FLAGS_LOG_LEVEL, RFC1918_LOG_LEVEL, SMURF_LOG_LEVEL, LOG_MARTIANS. With the exception of VERBOSITY, all of this list should be spat out by "grep LOG /etc/shorewall.conf".
Mekabe Ramein wrote:
> I had enabled it on policies and I've checked the policies file but there is
> no "log" or "LOG" in it.

Of course there isn't. Webmin provides an interface that allows you to point and click rather than use a text editor. It does not do your thinking and learning for you.

If you want to know how the policy file works, at a shell prompt type "man policy" or go to http://www.shorewall.net/manpages/shorewall-policy.html and read. There you will find that the LOG LEVEL column contains a syslog level. Don't know what a syslog level is? Then start by reading http://www1.shorewall.net/shorewall_logging.html. You will also learn there that Shorewall itself does almost no logging and that the log messages that you are seeing are generated by Netfilter and are routed to the various log destinations by syslog (or syslog-ng).

Finally, I advise against disabling logging completely. The sample configurations described at http://www.shorewall.net/shorewall_quickstart_guide.htm provide sensible default settings.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,         \ http://shorewall.net
Washington USA      \ teastep@shorewall.net
PGP Public Key       \ https://lists.shorewall.net/teastep.pgp.key
Hi Tom & Simon,

Thanks for your emails and all the information you just sent.
I will read the docs you've supplied, but just a quick reply:

I understand what you both tell me. But then I don't understand why I am receiving all those logs as though my policy file is only:
wan lan ACCEPT
lan wan ACCEPT
fire wan ACCEPT
fire lan ACCEPT
wan fire REJECT
lan fire ACCEPT

And here are all the results for the loglevel keywords.

Btw, I am familiar with logging and loglevels. Also, I know how syslog acts, but I am not sure why all these are logged at all and why they are logged to dmesg at the same time.

Any quick ideas would be helpful.

Thanks
Sorry, I forgot to paste my "grep" loglevel output. Here it is:

router:~# grep -i debug /etc/shorewall/*
/etc/shorewall/start:run_iptables -I INPUT -i br0 -j LOG --log-prefix BANDWIDTH_IN: --log-level debug
/etc/shorewall/start:run_iptables -I FORWARD -i br0 -j LOG --log-prefix BANDWIDTH_IN: --log-level debug
/etc/shorewall/start:run_iptables -I FORWARD -o br0 -j LOG --log-prefix BANDWIDTH_OUT: --log-level debug
/etc/shorewall/start:run_iptables -I OUTPUT -o br0 -j LOG --log-prefix BANDWIDTH_OUT: --log-level debug
router:~# grep -i info /etc/shorewall/*
/etc/shorewall/shorewall.conf:# For information about the settings in this file, type "man shorewall.conf"
/etc/shorewall/shorewall.conf:# Additional information is available at
router:~# grep -i notice /etc/shorewall/*
router:~# grep -i warn /etc/shorewall/*
router:~# grep -i err /etc/shorewall/*
router:~# grep -i crit /etc/shorewall/*
router:~# grep -i alert /etc/shorewall/*
router:~# grep -i emer /etc/shorewall/*
router:~#

I don't know why I have those "debug" keywords in the file named "start". Any idea?

And here are the LOG related shorewall.conf items:

LOGFILE=/var/log/shorewall
LOGFORMAT="Shorewall:%s:%s:"
LOGTAGONLY=No
LOGRATE=
LOGBURST=
LOGALLNEW=
BLACKLIST_LOGLEVEL=
MACLIST_LOG_LEVEL=$LOG
TCP_FLAGS_LOG_LEVEL=$LOG
RFC1918_LOG_LEVEL=$LOG
SMURF_LOG_LEVEL=$LOG
LOG_MARTIANS=No
VERBOSITY=1

On 5/4/08, Mekabe Ramein <mrmrmrmr@gmail.com> wrote:
> Hi Tom & Simon,
>
> Thanks for your emails and all the information you just sent.
> I will read the docs you've supplied, but just a quick reply:
>
> I understand what you both tell me. But then I don't understand why I am
> receiving all those logs as though my policy file is only:
> wan lan ACCEPT
> lan wan ACCEPT
> fire wan ACCEPT
> fire lan ACCEPT
> wan fire REJECT
> lan fire ACCEPT
>
> And here is all results for the loglevel keywords.
>
> Btw, I am familiar with logging and loglevels. Also, I know how syslog
> acts, but I am not sure why all these are logged at all and why they are
> logged to dmesg at the same time.
>
> Any quick ideas would be helpful.
>
> Thanks
Mekabe Ramein wrote:
> Hi Tom & Simon,
>
> Thanks for your emails and all the information you just sent.
> I will read the docs you've supplied, but just a quick reply:
>
> I understand what you both tell me. But then I don't understand why I am
> receiving all those logs as though my policy file is only:
> wan lan ACCEPT

That is a very foolish policy. I hope you don't expect this firewall to actually stop anything.

> lan wan ACCEPT
> fire wan ACCEPT
> fire lan ACCEPT
> wan fire REJECT
> lan fire ACCEPT
>
> And here is all results for the loglevel keywords.
>
> Btw, I am familiar with logging and loglevels. Also, I know how syslog
> acts, but I am not sure why all these are logged at all and why they are
> logged to dmesg at the same time.

A) If you would show us one of these messages rather than complain about them, we might be able to help you. Shorewall FAQ 17 might also be helpful.

B) dmesg is just a user-space tool that dumps out the contents of the kernel's logging ring buffer. That is where ALL MESSAGES THAT ARE LOGGED BY THE KERNEL COME FROM. The klogd daemon also reads the ring buffer and forwards what it finds to syslog. So any kernel message that is logged by syslog is also available to dmesg. And they will continue to be visible to dmesg until they are overwritten by other log messages (unless you use the -c option). So make sure that new messages are actually being created and that you aren't just seeing messages that were created much earlier.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,         \ http://shorewall.net
Washington USA      \ teastep@shorewall.net
PGP Public Key       \ https://lists.shorewall.net/teastep.pgp.key
Mekabe Ramein wrote:
> Sorry I forgot to paste my "grep" loglevel output. Here it is:
>
> router:~# grep -i debug /etc/shorewall/*
> /etc/shorewall/start:run_iptables -I INPUT -i br0 -j LOG --log-prefix
> BANDWIDTH_IN: --log-level debug
> /etc/shorewall/start:run_iptables -I FORWARD -i br0 -j LOG --log-prefix
> BANDWIDTH_IN: --log-level debug
> /etc/shorewall/start:run_iptables -I FORWARD -o br0 -j LOG --log-prefix
> BANDWIDTH_OUT: --log-level debug
> /etc/shorewall/start:run_iptables -I OUTPUT -o br0 -j LOG --log-prefix
> BANDWIDTH_OUT: --log-level debug

Those are in your own /etc/shorewall/start file!!! *You* are putting them there, not Shorewall.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,         \ http://shorewall.net
Washington USA      \ teastep@shorewall.net
PGP Public Key       \ https://lists.shorewall.net/teastep.pgp.key
On 5/4/08, Tom Eastep <teastep@shorewall.net> wrote:
> That is a very foolish policy. I hope you don't expect this firewall to
> actually stop anything.
>
> > lan wan ACCEPT
> > fire wan ACCEPT
> > fire lan ACCEPT
> > wan fire REJECT
> > lan fire ACCEPT

My LAN subnet is not reachable directly because it is not routed. I am using NAT on my WAN interface.
And, this is just the beginning. I might think of hardening the rules when everything is working fine.

> A) If you would show us one of these messages rather than complain about
> them, we might be able to help you. Shorewall FAQ 17 might also be
> helpful.

Some examples:

BANDWIDTH_IN:IN=br0 OUT= PHYSIN=wlan0 MAC=00:0d:b9:12:cf:91:00:0e:35:83:22:7d:08:00 SRC=192.168.254.1 DST=192.168.254.254 LEN=92 TOS=0x00 PREC=0x00 TTL=128 ID=42547 DF PROTO=TCP SPT=3813 DPT=22 WINDOW=15904 RES=0x00 ACK PSH URGP=0
BANDWIDTH_OUT:IN= OUT=br0 SRC=192.168.254.254 DST=192.168.254.1 LEN=92 TOS=0x10 PREC=0x00 TTL=64 ID=37603 DF PROTO=TCP SPT=22 DPT=3813 WINDOW=8576 RES=0x00 ACK PSH URGP=0
BANDWIDTH_IN:IN=br0 OUT= PHYSIN=wlan0 MAC=00:0d:b9:12:cf:91:00:0e:35:83:22:7d:08:00 SRC=192.168.254.1 DST=192.168.254.254 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=42548 DF PROTO=TCP SPT=3813 DPT=22 WINDOW=15852 RES=0x00 ACK URGP=0
BANDWIDTH_IN:IN=br0 OUT= PHYSIN=wlan0 MAC=00:0d:b9:12:cf:91:00:0e:35:83:22:7d:08:00 SRC=192.168.254.1 DST=192.168.254.254 LEN=92 TOS=0x00 PREC=0x00 TTL=128 ID=42549 DF PROTO=TCP SPT=3813 DPT=22 WINDOW=15852 RES=0x00 ACK PSH URGP=0
BANDWIDTH_OUT:IN= OUT=br0 SRC=192.168.254.254 DST=192.168.254.1 LEN=92 TOS=0x10 PREC=0x00 TTL=64 ID=37604 DF PROTO=TCP SPT=22 DPT=3813 WINDOW=8576 RES=0x00 ACK PSH URGP=0
BANDWIDTH_IN:IN=br0 OUT= PHYSIN=wlan0 MAC=00:0d:b9:12:cf:91:00:0e:35:83:22:7d:08:00 SRC=192.168.254.1 DST=192.168.254.254 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=42550 DF PROTO=TCP SPT=3813 DPT=22 WINDOW=15800 RES=0x00 ACK URGP=0
BANDWIDTH_IN:IN=br0 OUT= PHYSIN=wlan0 MAC=00:0d:b9:12:cf:91:00:0e:35:83:22:7d:08:00 SRC=192.168.254.1 DST=192.168.254.254 LEN=92 TOS=0x00 PREC=0x00 TTL=128 ID=42551 DF PROTO=TCP SPT=3813 DPT=22 WINDOW=15800 RES=0x00 ACK PSH URGP=0
BANDWIDTH_OUT:IN= OUT=br0 SRC=192.168.254.254 DST=192.168.254.1 LEN=92 TOS=0x10 PREC=0x00 TTL=64 ID=37605 DF PROTO=TCP SPT=22 DPT=3813 WINDOW=8576 RES=0x00 ACK PSH URGP=0

> B) dmesg is just a user-space tool that dumps out the contents of the
> Kernels logging ring buffer. That is where ALL MESSAGES THAT ARE LOGGED
> BY THE KERNEL COME FROM. The klogd daemon also reads the ring buffer and
> forwards what it finds to syslog. So any kernel message that is logged
> by syslog is also available to dmesg. And they will continue to be
> visible to dmesg until they are overwritten by other log messages
> (unless you use the -c option). So make sure that new messages are
> actually being created and that you aren't just seeing messages that
> were created much earlier.

New messages are being created every second. I am sure because I also watch them by "tail -f /var/log/messages".
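The messages pasted above can be traced back to their rule mechanically, because every iptables LOG rule stamps its --log-prefix on the front of each message. The following is an added example written for this page (editor's code, not from the thread, from Shorewall or from Webmin): it parses Netfilter LOG lines of the format shown, whether taken raw from dmesg or wrapped by syslog in a "kernel:" line, counts them per prefix and per flow, and uses the LOGFORMAT value from the poster's shorewall.conf ("Shorewall:%s:%s:") to separate prefixes Shorewall's own policy/rules files could have produced from prefixes that came from somewhere else. The sample lines are constructed in the same layout as the BANDWIDTH_IN:/BANDWIDTH_OUT: messages, using documentation addresses.

```python
"""Added example (editor's code, not from the thread, Shorewall or Webmin):
parse Netfilter LOG messages and trace a flood of them back to the rule
that emits them via the --log-prefix each rule attaches. Handles raw dmesg
lines ("[ 1234.567890] PREFIX...") and syslog-wrapped "kernel:" lines."""
import re
from collections import Counter

# Netfilter LOG output always starts its field list with "IN=". Everything
# before that token, once any timestamp / "kernel:" wrapper is removed, is
# the prefix. The lookbehind keeps "PHYSIN=" from being taken as the start.
_FIELDS_START = re.compile(r"(?<![A-Za-z0-9_])IN=")
_DMESG_STAMP = re.compile(r"^\s*\[\s*\d+\.\d+\]\s*")
_KEY_VALUE = re.compile(r"([A-Za-z0-9_]+)=(\S*)")


def parse_netfilter_log(line):
    """Return {'prefix': ..., 'flags': [...], KEY: VALUE, ...}, or None if
    the line is not a Netfilter LOG message."""
    m = _FIELDS_START.search(line)
    if m is None:
        return None
    head = line[:m.start()]
    if "kernel:" in head:                  # syslog wrapper: "... kernel: PREFIX"
        head = head.split("kernel:", 1)[1]
    head = _DMESG_STAMP.sub("", head)      # dmesg wrapper: "[ 1234.567890] PREFIX"
    rec = {"prefix": head.strip(), "flags": []}
    for token in line[m.start():].split():
        kv = _KEY_VALUE.fullmatch(token)
        if kv:
            rec[kv.group(1)] = kv.group(2)   # "OUT=" yields an empty value
        else:
            rec["flags"].append(token)       # bare words: DF, SYN, ACK, PSH ...
    return rec


def shorewall_prefix_matcher(logformat="Shorewall:%s:%s:"):
    """Build a matcher for prefixes that shorewall.conf's LOGFORMAT produces
    (each %s is filled with a chain name or disposition). A prefix that does
    not match was attached by a rule outside Shorewall's policy/rules files,
    e.g. a raw iptables command in an extension script."""
    pattern = r"[^:\s]+".join(re.escape(part) for part in logformat.split("%s"))
    return re.compile(pattern).fullmatch


def summarize(lines, logformat="Shorewall:%s:%s:"):
    """Count messages per prefix and per (prefix, IN, OUT, PROTO, DPT) flow,
    and collect the prefixes that LOGFORMAT cannot have produced."""
    is_shorewall = shorewall_prefix_matcher(logformat)
    by_prefix, by_flow, foreign = Counter(), Counter(), set()
    for line in lines:
        rec = parse_netfilter_log(line)
        if rec is None:
            continue
        by_prefix[rec["prefix"]] += 1
        by_flow[(rec["prefix"], rec.get("IN", ""), rec.get("OUT", ""),
                 rec.get("PROTO", ""), rec.get("DPT", ""))] += 1
        if not is_shorewall(rec["prefix"]):
            foreign.add(rec["prefix"])
    return by_prefix, by_flow, foreign


# Constructed sample: three messages in the thread's BANDWIDTH_* layout, one
# syslog-wrapped Shorewall DROP, one dmesg-stamped Shorewall REJECT.
SAMPLE_LOG = """\
BANDWIDTH_IN:IN=br0 OUT= PHYSIN=wlan0 MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.10 DST=192.0.2.1 LEN=92 TOS=0x00 PREC=0x00 TTL=128 ID=1001 DF PROTO=TCP SPT=3813 DPT=22 WINDOW=15904 RES=0x00 ACK PSH URGP=0
BANDWIDTH_OUT:IN= OUT=br0 SRC=192.0.2.1 DST=192.0.2.10 LEN=92 TOS=0x10 PREC=0x00 TTL=64 ID=2001 DF PROTO=TCP SPT=22 DPT=3813 WINDOW=8576 RES=0x00 ACK PSH URGP=0
BANDWIDTH_IN:IN=br0 OUT= PHYSIN=wlan0 MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.10 DST=192.0.2.1 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=1002 DF PROTO=TCP SPT=3813 DPT=22 WINDOW=15852 RES=0x00 ACK URGP=0
May  4 10:00:01 router kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=00:00:5e:00:53:03:00:00:5e:00:53:04:08:00 SRC=198.51.100.7 DST=203.0.113.2 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=5 DF PROTO=TCP SPT=4001 DPT=23 WINDOW=65535 RES=0x00 SYN URGP=0
[ 1234.567890] Shorewall:fw2net:REJECT:IN= OUT=eth0 SRC=203.0.113.2 DST=198.51.100.9 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=6 DF PROTO=UDP SPT=5353 DPT=5353
"""

if __name__ == "__main__":
    by_prefix, by_flow, foreign = summarize(SAMPLE_LOG.splitlines())
    for prefix, n in by_prefix.most_common():
        tag = "  <- not a Shorewall LOGFORMAT prefix" if prefix in foreign else ""
        print("%6d  %s%s" % (n, prefix, tag))
```

Run against a real file with `summarize(open("/var/log/kern.log"))`; the prefixes reported as foreign are the ones to look for in extension scripts and other non-Shorewall sources, which is exactly where the BANDWIDTH_* rules in this thread turned out to live.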
On 5/4/08, Tom Eastep <teastep@shorewall.net> wrote:
> Mekabe Ramein wrote:
> > Sorry I forgot to paste my "grep" loglevel output. Here it is:
> >
> > router:~# grep -i debug /etc/shorewall/*
> > /etc/shorewall/start:run_iptables -I INPUT -i br0 -j LOG --log-prefix
> > BANDWIDTH_IN: --log-level debug
> > /etc/shorewall/start:run_iptables -I FORWARD -i br0 -j LOG --log-prefix
> > BANDWIDTH_IN: --log-level debug
> > /etc/shorewall/start:run_iptables -I FORWARD -o br0 -j LOG --log-prefix
> > BANDWIDTH_OUT: --log-level debug
> > /etc/shorewall/start:run_iptables -I OUTPUT -o br0 -j LOG --log-prefix
> > BANDWIDTH_OUT: --log-level debug
>
> Those are in your own /etc/shorewall/start file!!! *You* are putting
> them there, not Shorewall.

Well, I didn't write that "start" file. I just used the webmin module.
How can I remove them?
Mekabe Ramein wrote:
> On 5/4/08, *Tom Eastep* <teastep@shorewall.net> wrote:
>
>     That is a very foolish policy. I hope you don't expect this firewall to
>     actually stop anything.
>
>     > lan wan ACCEPT
>     > fire wan ACCEPT
>     > fire lan ACCEPT
>     > wan fire REJECT
>     > lan fire ACCEPT
>
> My LAN subnet is not reachable directly because it is not routed. I am
> using NAT on my WAN interface.
> And, this is just or beginning. I might think of hardening the rules
> when everything is working fine.

If I were connected to the same IP network as your WAN interface, I could get to every one of your LAN systems. They are COMPLETELY ACCESSIBLE from within that network.

>     A) If you would show us one of these messages rather than complain about
>     them, we might be able to help you. Shorewall FAQ 17 might also be
>     helpful.
>
> Some examples:
> BANDWIDTH_IN:IN=br0 OUT= PHYSIN=wlan0
> MAC=00:0d:b9:12:cf:91:00:0e:35:83:22:7d:08:00 SRC=192.168.254.1
> DST=192.168.254.254
> LEN=92 TOS=0x00 PREC=0x00 TTL=128 ID=42547 DF PROTO=TCP SPT=3813 DPT=22
> WINDOW=15904 RES=0x00 ACK PSH URGP=0
> BANDWIDTH_OUT:IN= OUT=br0 SRC=192.168.254.254
> DST=192.168.254.1 LEN=92 TOS=0x10 PREC=0x00
> TTL=64 ID=37603 DF PROTO=TCP SPT=22 DPT=3813 WINDOW=8576 RES=0x00 ACK
> PSH URGP=0

Those are coming from the entries in your /etc/shorewall/start file.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,         \ http://shorewall.net
Washington USA      \ teastep@shorewall.net
PGP Public Key       \ https://lists.shorewall.net/teastep.pgp.key
Mekabe Ramein wrote:
> On 5/4/08, *Tom Eastep* <teastep@shorewall.net> wrote:
>
>     Mekabe Ramein wrote:
>     > Sorry I forgot to paste my "grep" loglevel output. Here it is:
>     >
>     > router:~# grep -i debug /etc/shorewall/*
>     > /etc/shorewall/start:run_iptables -I INPUT -i br0 -j LOG --log-prefix
>     > BANDWIDTH_IN: --log-level debug
>     > /etc/shorewall/start:run_iptables -I FORWARD -i br0 -j LOG
>     --log-prefix
>     > BANDWIDTH_IN: --log-level debug
>     > /etc/shorewall/start:run_iptables -I FORWARD -o br0 -j LOG
>     --log-prefix
>     > BANDWIDTH_OUT: --log-level debug
>     > /etc/shorewall/start:run_iptables -I OUTPUT -o br0 -j LOG
>     --log-prefix
>     > BANDWIDTH_OUT: --log-level debug
>
>     Those are in your own /etc/shorewall/start file!!! *You* are putting
>     them there, not Shorewall.
>
> Well, I didn't write that "start" file. I just used the webmin module.

The /etc/shorewall/start file is for adding shell commands to be run at the end of 'shorewall start' and 'shorewall restart'. I'm doubtful that the Shorewall Webmin module does anything with that file but however those rules got there, they didn't get there as a result of any standard Shorewall configuration option.

> How can I remove them ?

Use a text editor. Or simply remove the file entirely.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,         \ http://shorewall.net
Washington USA      \ teastep@shorewall.net
PGP Public Key       \ https://lists.shorewall.net/teastep.pgp.key
On 5/4/08, Tom Eastep <teastep@shorewall.net> wrote:
> If I were connected to the same IP network as your WAN interface, I could
> get to every one of your LAN systems. They are COMPLETELY ACCESSIBLE from
> within that network.

No. Because my wan interface has an IP address assigned by the ISP with 255.255.255.255 mask and the internal network is not routed by the ISP. Anyway, this is a matter of network and I am sure that there is no danger :)

> Those are coming from the entries in your /etc/shorewall/start file.

But what wrote them to the start file? How can I remove them?
On 5/4/08, Tom Eastep <teastep@shorewall.net> wrote:
> Use a text editor. Or simply remove the file entirely.

Ok. But why is there a "start" file if it's not created by Shorewall?
Mekabe Ramein wrote:
> On 5/4/08, Tom Eastep <teastep@shorewall.net> wrote:
>> Use a text editor. Or simply remove the file entirely.
>
> Ok. But why there is a "start" file if it's not created by Shorewall ?

Shorewall comes with an EMPTY start file:

#
# Shorewall version 4 - Start File
#
# /etc/shorewall/start
#
# Add commands below that you want to be executed after shorewall has
# been started or restarted.
#
# See http://shorewall.net/shorewall_extension_scripts.htm for additional
# information.
#
###############################################################################
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE

Shorewall itself never writes to the file. So you or some piece of software that you installed put those entries there. Accept the fact and move on.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,         \ http://shorewall.net
Washington USA      \ teastep@shorewall.net
PGP Public Key       \ https://lists.shorewall.net/teastep.pgp.key
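The thread so far names every place a Shorewall log level can be switched on: the 4th field of the policy file and the ACTION:level suffix in the rules file (Paul), the *_LOG_LEVEL, LOGALLNEW and LOG_MARTIANS settings in shorewall.conf (Simon), and, the cause here, raw iptables commands in an extension script such as /etc/shorewall/start that no Shorewall option controls (Tom). The following is an added example written for this page (editor's code, not from the thread or from the Shorewall project) that audits a configuration for all of those in one pass. The sample configuration is constructed to mirror the poster's situation; the list of extension script names is taken from the Shorewall extension-script documentation Tom links to, and any other file names in the directory are ignored.

```python
"""Added example (editor's code, not the Shorewall project's): audit a
Shorewall configuration for every active logging setting, including raw
"-j LOG" rules in extension scripts, which the policy and rules files
never mention."""
import os
import re

SYSLOG_LEVELS = {"debug", "info", "notice", "warning", "warn", "err",
                 "error", "crit", "alert", "emerg", "panic"}
# Extension scripts are plain shell run at the named stage of 'shorewall
# start/stop'. A "-j LOG" there is a raw iptables rule, not a Shorewall one.
EXTENSION_SCRIPTS = {"init", "start", "started", "stop", "stopped",
                     "refresh", "restored", "clear", "maclog", "initdone"}
_RAW_LOG = re.compile(r"-j\s+U?LOG\b")


def _is_level(token):
    # Levels may be named or numeric (0-7); Shorewall also allows "level:tag".
    base = token.split(":", 1)[0].lower()
    return base in SYSLOG_LEVELS or base.isdigit()


def _content_lines(text):
    """Yield (lineno, text) for non-empty lines with '#' comments stripped."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if line:
            yield n, line


def audit_config(files):
    """files: mapping of file name ('policy', 'rules', 'shorewall.conf',
    'start', ...) to its text. Returns [(file, lineno, description), ...]
    for every logging setting that is switched on."""
    findings = []
    for name, text in files.items():
        if name == "policy":
            for n, line in _content_lines(text):
                f = line.split()
                if len(f) >= 4 and _is_level(f[3]):      # 4th field = LOG LEVEL
                    findings.append((name, n, "policy %s->%s %s logs at %s"
                                     % (f[0], f[1], f[2], f[3])))
        elif name == "rules":
            for n, line in _content_lines(text):
                action = line.split()[0]               # e.g. REJECT:debug
                if ":" in action and _is_level(action.split(":", 1)[1]):
                    findings.append((name, n, "rule action %s logs" % action))
        elif name == "shorewall.conf":
            for n, line in _content_lines(text):
                key, _, value = line.partition("=")
                key, value = key.strip(), value.strip().strip('"')
                if (key.endswith("LOG_LEVEL") or key.endswith("LOGLEVEL")
                        or key == "LOGALLNEW") and value:
                    desc = "%s=%s" % (key, value)
                    if value.startswith("$"):
                        desc += " (value taken from a variable)"
                    findings.append((name, n, desc))
                elif key == "LOG_MARTIANS" and value.lower() == "yes":
                    findings.append((name, n, "LOG_MARTIANS=Yes"))
        elif name in EXTENSION_SCRIPTS:
            for n, line in _content_lines(text):
                if _RAW_LOG.search(line):
                    findings.append((name, n, "raw iptables LOG rule in "
                                     "extension script: " + line))
    return findings


def audit_directory(path="/etc/shorewall"):
    """Read every regular file under path and audit it."""
    files = {}
    for name in os.listdir(path):
        full = os.path.join(path, name)
        if os.path.isfile(full):
            with open(full, errors="replace") as fh:
                files[name] = fh.read()
    return audit_config(files)


# Constructed sample mirroring the thread: the policy and rules files are
# mostly silent, shorewall.conf uses a variable for some levels, and the
# start script carries raw "-j LOG" rules like a bandwidth monitor would add.
SAMPLE_CONFIG = {
    "policy": """\
#SOURCE  DEST  POLICY  LOG LEVEL
lan      wan   ACCEPT
wan      fire  REJECT
wan      all   DROP    info
#LAST LINE -- DO NOT REMOVE
""",
    "rules": """\
#ACTION       SOURCE  DEST  PROTO  DEST PORT(S)
ACCEPT        lan     fire  tcp    22
REJECT:debug  wan     fire  tcp    113
""",
    "shorewall.conf": """\
LOGFILE=/var/log/shorewall
LOGFORMAT="Shorewall:%s:%s:"
LOGALLNEW=
BLACKLIST_LOGLEVEL=
MACLIST_LOG_LEVEL=$LOG
LOG_MARTIANS=No
""",
    "start": """\
# run at the end of 'shorewall start'
run_iptables -I INPUT -i br0 -j LOG --log-prefix BANDWIDTH_IN: --log-level debug
run_iptables -I OUTPUT -o br0 -j LOG --log-prefix BANDWIDTH_OUT: --log-level debug
""",
}

if __name__ == "__main__":
    for name, lineno, desc in audit_config(SAMPLE_CONFIG):
        print("%s:%d: %s" % (name, lineno, desc))
```

On a live system call `audit_directory()`; the extension-script findings are the ones `grep` for syslog level names will also surface, as Simon's suggestion did, but the audit reports them together with the policy, rules and shorewall.conf settings so nothing has to be checked by hand.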
Ok. Thank you. I just removed them and the logs have stopped.

I think now I found the reason. There is a module named "Bandwidth Monitoring" in Webmin. I had played with that. So it wrote the "start" file, I guess. I will be more sure after I reboot.

>> Before this module can report on network usage on your system, it must be set up to monitor traffic on the selected external network interface. Several firewall rules must be added. *Warning - this module will log ALL network traffic sent or received on the selected interface. This will consume a large amount of disk space and CPU time on a fast network connection.*
I've rebooted; and yes, it is solved.
Thanks for all the help.

Now I just have one issue.
I want to change the destination of the logs to another file (if I activate any logs). I don't want to use the syslog and kern.log files.

In fact, I have the following line in my shorewall.conf file, but this file is never created.
How can I activate this?

I've read the logging documentation that you've sent but I am not sure how to proceed?
Now, my system has klogd and syslogd. Do I have to install ulog for redirecting the log output to another file?
Mekabe Ramein wrote:
> I've rebooted; and yes it is solved.
> Thanks for all the help.
>
> Now I just have one issue.
> I want to change the destination of the logs to another file(if I activate
> any logs). I don't want to use the syslog and kern.log files.
>
> In fact, I have the following line in my shorewall.conf file, but this file
> is never created.
> How can I activate this ?

From "man shorewall.conf":

    LOGFILE=[pathname]
        This parameter tells the /sbin/shorewall program where to look for
        Shorewall messages when processing the dump, logwatch, show log, and
        hits commands.

Notice that it does NOT say that LOGFILE directs where the log goes.

> I've read the logging documentation that you've sent but I am not sure how
> to proceed ?
> Now, my system has klogd and syslogd. Do I have to install ulog for
> redirecting the log output to another file ?

Either that (and use ULOG in your shorewall configuration files) or install syslog-ng.

One more time -- it is the kernel that creates the log messages, not Shorewall. Shorewall can direct the kernel to log through syslog (syslog-ng) or through ulogd; those are the only two choices. Where the messages are written to is determined by syslog (syslog-ng) or ulogd -- NOT Shorewall.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,         \ http://shorewall.net
Washington USA      \ teastep@shorewall.net
PGP Public Key       \ https://lists.shorewall.net/teastep.pgp.key
Ok; I've installed ulogd and configured it as described. It is working as expected now.

Thanks for all the help you supplied.