Hello,

With Shorewall 4.5.6 as result I see the following messages in system log:

Jul 19 13:48:29 epbyminw1174 kernel: [297475.206577] --log-prefixIN=tun0 OUT= MAC= SRC=a.b.c.d DST=w.x.y.z LEN=60 TOS=0x10 PREC=0x00 TTL=63 ID=32085 DF PROTO=TCP SPT=51910 DPT=55 WINDOW=5840 RES=0x00 SYN URGP=0

On 07/19/2012 03:57 AM, alex wrote:
> Hello,
> With Shorewall 4.5.6 as result I see the following messages in
> system log:
>
> Jul 19 13:48:29 epbyminw1174 kernel: [297475.206577] --log-prefixIN=tun0
> OUT= MAC= SRC=a.b.c.d DST=w.x.y.z LEN=60 TOS=0x10 PREC=0x00 TTL=63
> ID=32085 DF PROTO=TCP SPT=51910 DPT=55 WINDOW=5840 RES=0x00 SYN URGP=0

It's a bug in iptables-restore that has been discussed recently on this
list.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

Thank you and excuse me for repeated question.

Tom, I sent you new macro 'macro.NFS4' some time ago:

#
# Shorewall version 4 NFS4 Macro
#
# /usr/share/shorewall/macro.NFS4
#
# This macro handles NFSv4 traffic.
#
###############################################################################
#ACTION SOURCE  DEST    PROTO   DEST    SOURCE  RATE    USER/
#                               PORT(S) PORT(S) LIMIT   GROUP
PARAM   -       -       tcp     2049
PARAM   -       -       udp     2049

I don't see it in latest Shorewall version. Do you see it is useless?

2012/7/19 Tom Eastep <teastep@shorewall.net>
> On 07/19/2012 03:57 AM, alex wrote:
> > Hello,
> > With Shorewall 4.5.6 as result I see the following messages in
> > system log:
> >
> > Jul 19 13:48:29 epbyminw1174 kernel: [297475.206577] --log-prefixIN=tun0
> > OUT= MAC= SRC=a.b.c.d DST=w.x.y.z LEN=60 TOS=0x10 PREC=0x00 TTL=63
> > ID=32085 DF PROTO=TCP SPT=51910 DPT=55 WINDOW=5840 RES=0x00 SYN URGP=0
>
> It's a bug in iptables-restore that has been discussed recently on this
> list.
>
> -Tom

On 07/19/2012 07:33 AM, alex wrote:
> Thank you and excuse me for repeated question.
>
> Tom, I sent you new macro 'macro.NFS4' some time ago:
>
> #
> # Shorewall version 4 NFS4 Macro
> #
> # /usr/share/shorewall/macro.NFS4
> #
> # This macro handles NFSv4 traffic.
> #
> ###############################################################################
> #ACTION SOURCE  DEST    PROTO   DEST    SOURCE  RATE    USER/
> #                               PORT(S) PORT(S) LIMIT   GROUP
> PARAM   -       -       tcp     2049
> PARAM   -       -       udp     2049
>
> I don't see it in latest Shorewall version. Do you see it is useless?

It requires a particular NFS configuration setup and it doesn't cover
all of the services required by NFS. So I have chosen not to include it.

-Tom

As I know it covers all NFS4 (not early NFS versions) services. At least it works for me.

2012/7/19 Tom Eastep <teastep@shorewall.net>
> On 07/19/2012 07:33 AM, alex wrote:
> > Thank you and excuse me for repeated question.
> >
> > Tom, I sent you new macro 'macro.NFS4' some time ago:
> >
> > #
> > # Shorewall version 4 NFS4 Macro
> > #
> > # /usr/share/shorewall/macro.NFS4
> > #
> > # This macro handles NFSv4 traffic.
> > #
> > ###############################################################################
> > #ACTION SOURCE  DEST    PROTO   DEST    SOURCE  RATE    USER/
> > #                               PORT(S) PORT(S) LIMIT   GROUP
> > PARAM   -       -       tcp     2049
> > PARAM   -       -       udp     2049
> >
> > I don't see it in latest Shorewall version. Do you see it is useless?
>
> It requires a particular NFS configuration setup and it doesn't cover
> all of the services required by NFS. So I have chosen not to include it.
>
> -Tom

On 7/19/2012 10:00 AM, Tom Eastep wrote:
> On 07/19/2012 03:57 AM, alex wrote:
>> Hello,
>> With Shorewall 4.5.6 as result I see the following messages in
>> system log:
>>
>> Jul 19 13:48:29 epbyminw1174 kernel: [297475.206577] --log-prefixIN=tun0
>> OUT= MAC= SRC=a.b.c.d DST=w.x.y.z LEN=60 TOS=0x10 PREC=0x00 TTL=63
>> ID=32085 DF PROTO=TCP SPT=51910 DPT=55 WINDOW=5840 RES=0x00 SYN URGP=0
> It's a bug in iptables-restore that has been discussed recently on this
> list.
>
> -Tom

Fedora 17 has a fix:

# su -c 'yum update --enablerepo=updates-testing iptables-1.4.14-2.fc17'

Works for me.

Bill

Great! Thank you very much, Bill. It is exactly my case (FC17). Logging really works fine after fix was installed.

2012/7/20 Bill Shirley <bill@ultrapoly.polymerindustries.biz>
> On 7/19/2012 10:00 AM, Tom Eastep wrote:
> > On 07/19/2012 03:57 AM, alex wrote:
> >> Hello,
> >> With Shorewall 4.5.6 as result I see the following messages in
> >> system log:
> >>
> >> Jul 19 13:48:29 epbyminw1174 kernel: [297475.206577] --log-prefixIN=tun0
> >> OUT= MAC= SRC=a.b.c.d DST=w.x.y.z LEN=60 TOS=0x10 PREC=0x00 TTL=63
> >> ID=32085 DF PROTO=TCP SPT=51910 DPT=55 WINDOW=5840 RES=0x00 SYN URGP=0
> > It's a bug in iptables-restore that has been discussed recently on this
> > list.
> >
> > -Tom
>
> Fedora 17 has a fix:
>
> # su -c 'yum update --enablerepo=updates-testing iptables-1.4.14-2.fc17'
>
> Works for me.
>
> Bill

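Added example, not part of the original thread: a small Python check that parses netfilter LOG lines of the shape quoted above and reports entries whose log prefix is a leaked option name such as `--log-prefix`, which is the symptom reported in the first message. The sample lines, the host name `fw` and the `Shorewall:net2fw:DROP:` prefix are constructed for illustration.

```python
import re

# Constructed sample lines modelled on the entry quoted in the thread.
SAMPLE = [
    "Jul 19 13:48:29 fw kernel: [297475.206577] --log-prefixIN=tun0 OUT= MAC= "
    "SRC=a.b.c.d DST=w.x.y.z LEN=60 DF PROTO=TCP SPT=51910 DPT=55 SYN URGP=0",
    "Jul 19 13:50:02 fw kernel: [297568.101200] Shorewall:net2fw:DROP:IN=eth0 OUT= "
    "MAC= SRC=a.b.c.d DST=w.x.y.z LEN=60 DF PROTO=TCP SPT=40000 DPT=23 SYN URGP=0",
    "Jul 19 13:51:10 fw kernel: [297636.000001] usb 1-1: new high-speed USB device",
]

# The LOG target writes "<prefix>IN=<iface> OUT=<iface> ..." after the
# optional kernel timestamp, so everything before "IN=" is the prefix.
LINE_RE = re.compile(
    r"kernel: (?:\[\s*[\d.]+\]\s)?(?P<prefix>.*?)IN=(?P<inif>\S*) OUT=(?P<outif>\S*)(?P<rest>.*)$"
)

def parse(line):
    """Split one netfilter LOG line into prefix, KEY=VALUE fields and bare flags."""
    m = LINE_RE.search(line)
    if not m:
        return None  # not a netfilter LOG entry
    fields = {"IN": m["inif"], "OUT": m["outif"]}
    flags = []
    for tok in m["rest"].split():
        key, sep, val = tok.partition("=")
        if sep:
            fields[key] = val
        else:
            flags.append(tok)  # e.g. DF, SYN
    return {"prefix": m["prefix"], "fields": fields, "flags": flags}

def is_mangled(prefix):
    """True when the prefix looks like an iptables option rather than a label."""
    return prefix.lstrip().startswith("--")

def audit(lines):
    """Return (line number, prefix, destination port) for each mangled entry."""
    hits = []
    for n, line in enumerate(lines, 1):
        rec = parse(line)
        if rec and is_mangled(rec["prefix"]):
            hits.append((n, rec["prefix"], rec["fields"].get("DPT")))
    return hits

if __name__ == "__main__":
    for hit in audit(SAMPLE):
        print("mangled prefix at line %d: %r (DPT=%s)" % hit)
```

Entries logged with a mangled prefix lose the zone and action label, so any log-based alerting keyed on the Shorewall prefix will miss them until the iptables update is installed.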