Hello,

I have Shorewall 4.2.7, shorewall.conf:
SHOREWALL_COMPILER=perl
LOG_MARTIANS=Yes

interfaces:
net eth2 detect dhcp,logmartians=0

But I still see in logs:
martian destination 0.0.0.0 from 86.100.x.x, dev eth2

Is it possible to disable martian logging only on a specific interface?

Regards,
Nerijus
------------------------------------------------------------------------------
Nerijus Baliunas wrote:
> Hello,
>
> I have Shorewall 4.2.7, shorewall.conf:
> SHOREWALL_COMPILER=perl
> LOG_MARTIANS=Yes
>
> interfaces:
> net eth2 detect dhcp,logmartians=0
>
> But I still see in logs:
> martian destination 0.0.0.0 from 86.100.x.x, dev eth2
>
> Is it possible to disable martian logging only on a specific interface?

The above works fine here. Which distribution are you running?

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
------------------------------------------------------------------------------
Tom Eastep wrote:
> Nerijus Baliunas wrote:
>> Hello,
>>
>> I have Shorewall 4.2.7, shorewall.conf:
>> SHOREWALL_COMPILER=perl
>> LOG_MARTIANS=Yes
>>
>> interfaces:
>> net eth2 detect dhcp,logmartians=0
>>
>> But I still see in logs:
>> martian destination 0.0.0.0 from 86.100.x.x, dev eth2
>>
>> Is it possible to disable martian logging only on a specific interface?
>
> The above works fine here. Which distribution are you running?

I've done some more research and I discover, once again, that there is no consistency in how the various flags in /proc/sys/net/ipv4/conf/ work. The algorithm that I'm using for logmartians doesn't work correctly when LOG_MARTIANS=Yes in shorewall.conf. So until I'm able to rework it, you will have to set LOG_MARTIANS=No in shorewall.conf and set each interface explicitly with logmartians=[0|1].

-Tom
------------------------------------------------------------------------------
Tom Eastep wrote:
> Tom Eastep wrote:
>> Nerijus Baliunas wrote:
>>> Hello,
>>>
>>> I have Shorewall 4.2.7, shorewall.conf:
>>> SHOREWALL_COMPILER=perl
>>> LOG_MARTIANS=Yes
>>>
>>> interfaces:
>>> net eth2 detect dhcp,logmartians=0
>>>
>>> But I still see in logs:
>>> martian destination 0.0.0.0 from 86.100.x.x, dev eth2
>>>
>>> Is it possible to disable martian logging only on a specific interface?
>> The above works fine here. Which distribution are you running?
>
> I've done some more research and I discover, once again, that there is
> no consistency in how the various flags in /proc/sys/net/ipv4/conf/
> work. The algorithm that I'm using for logmartians doesn't work
> correctly when LOG_MARTIANS=Yes in shorewall.conf. So until I'm able to
> rework it, you will have to set LOG_MARTIANS=No in shorewall.conf and
> set each interface explicitly with logmartians=[0|1].

Another workaround is to simply include this in /etc/shorewall/start:

    echo 0 > /proc/sys/net/ipv4/conf/all/log_martians

-Tom
------------------------------------------------------------------------------
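Why clearing conf/all/log_martians helps, as an added example that is not part of the thread or of Shorewall's own code: the kernel logs martians on an interface when either conf/all/log_martians or conf/<iface>/log_martians is non-zero, so a per-interface 0 has no effect while "all" is 1. The CONF_DIR argument and the sample tree are constructed for illustration, and the sample assumes LOG_MARTIANS=Yes leaves "all" at 1.

```shell
#!/bin/sh
# Added example: report the effective martian-logging state per interface.
# Kernel rule (ip-sysctl documentation): logging is enabled for an interface
# if conf/all/log_martians OR conf/<iface>/log_martians is set.

# effective_log_martians [CONF_DIR]
# CONF_DIR defaults to the live tree; the parameter is an assumption added
# here so the function can also be pointed at a constructed copy.
effective_log_martians() {
    conf_dir=${1:-/proc/sys/net/ipv4/conf}
    all=$(cat "$conf_dir/all/log_martians" 2>/dev/null) || return 1
    for dir in "$conf_dir"/*/; do
        iface=$(basename "$dir")
        # "all" and "default" are pseudo-entries, not interfaces.
        case $iface in all|default) continue ;; esac
        [ -r "$dir/log_martians" ] || continue
        own=$(cat "$dir/log_martians")
        if [ "$all" != 0 ] || [ "$own" != 0 ]; then eff=1; else eff=0; fi
        note=
        # A per-interface 0 is ignored while the "all" flag is set.
        if [ "$own" = 0 ] && [ "$eff" = 1 ]; then note=" overridden-by-all"; fi
        printf '%s own=%s all=%s effective=%s%s\n' \
            "$iface" "$own" "$all" "$eff" "$note"
    done
}

# Constructed sample mirroring the thread: eth2 has logmartians=0 while the
# "all" flag is assumed to be 1 (the flag the workaround above clears).
sample=$(mktemp -d)
mkdir -p "$sample/all" "$sample/default" "$sample/eth2"
echo 1 > "$sample/all/log_martians"
echo 1 > "$sample/default/log_martians"
echo 0 > "$sample/eth2/log_martians"
effective_log_martians "$sample"   # eth2 is still logged

# After the workaround (echo 0 > .../all/log_martians) eth2 goes quiet.
echo 0 > "$sample/all/log_martians"
effective_log_martians "$sample"
rm -rf "$sample"
```

Run with no argument on the firewall itself to see which interfaces are still logging martians after a Shorewall restart.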
On Thu, 02 Apr 2009 06:59:47 -0700 Tom Eastep <teastep@shorewall.net> wrote:
> > Is it possible to disable martian logging only on a specific interface?
>
> The above works fine here. Which distribution are you running?

Fedora 10.

Regards,
Nerijus
------------------------------------------------------------------------------