I have traffic that comes in one interface and then goes out the same interface and I would like to add a rule to log some connections: ACCEPT:info all ent:192.9.207.100,192.9.208.15 all - So the idea is to log anything that comes in through any zone and out to 2 particular addresses in the ent zone. The logging works only for traffic that comes from any zone other than the ent zone. The the ent zone is on a routeback interface and there are multiple networks behind it. Is this normal behaviour? TIA. -- Scott Ryan ------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
Tom Eastep
2010-Jul-16 12:36 UTC
Re: logging rules not working for routeback interface / zone
On 7/16/10 1:24 AM, Scott Ryan wrote:> I have traffic that comes in one interface and then goes out the same > interface and I would like to add a rule to log some connections: > > ACCEPT:info all ent:192.9.207.100,192.9.208.15 all - > > So the idea is to log anything that comes in through any zone and out > to 2 particular addresses in the ent zone. > The logging works only for traffic that comes from any zone other than > the ent zone. > > The the ent zone is on a routeback interface and there are multiple > networks behind it. > > Is this normal behaviour?Yes. ''man shorewall-rules'' and read about the various forms of ''all''. In your case, you want ''all+''. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
Scott Ryan
2010-Jul-16 13:19 UTC
Re: logging rules not working for routeback interface / zone
Thanks for your advice, now it is logging correctly. On Fri, Jul 16, 2010 at 1:36 PM, Tom Eastep <teastep@shorewall.net> wrote:> On 7/16/10 1:24 AM, Scott Ryan wrote: >> I have traffic that comes in one interface and then goes out the same >> interface and I would like to add a rule to log some connections: >> >> ACCEPT:info all ent:192.9.207.100,192.9.208.15 all - >> >> So the idea is to log anything that comes in through any zone and out >> to 2 particular addresses in the ent zone. >> The logging works only for traffic that comes from any zone other than >> the ent zone. >> >> The the ent zone is on a routeback interface and there are multiple >> networks behind it. >> >> Is this normal behaviour? > > Yes. ''man shorewall-rules'' and read about the various forms of ''all''. In > your case, you want ''all+''. > > -Tom > -- > Tom Eastep \ When I die, I want to go like my Grandfather who > Shoreline, \ died peacefully in his sleep. Not screaming like > Washington, USA \ all of the passengers in his car > http://shorewall.net \________________________________________________ > > > ------------------------------------------------------------------------------ > This SF.net email is sponsored by Sprint > What will you do first with EVO, the first 4G phone? > Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users > >-- Scott Ryan http://bonoboslr.wordpress.com/ ------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first