thr3ads.net - Shorewall users - routefilter or rpfilter interface option [Jul 2013]

If this information is useful, please help other people find it:
Share via:

Øyvind Lode

2013-Jul-04 10:54 UTC

routefilter or rpfilter interface option

Hi

I read about the new rpfilter interface option in the shorewall-interfaces man
page and on shorewall.net anti-spoofing page.

I''m running Linux 3.9.8 and Shorewall 4.5.16.1.

Created a test dir /etc/shorewall/test where I modified the interface file to
use "rpfilter" instead of "routefilter" on both loc and net
interfaces.

munin:test# shorewall check ./
Checking...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/test/shorewall.conf...
Loading Modules...
Checking /etc/shorewall/zones...
Checking /etc/shorewall/test/interfaces...
Determining Hosts in Zones...
Locating Action Files...
Checking /etc/shorewall/policy...
Adding Anti-smurf Rules
Adding rules for DHCP
Checking TCP Flags filtering...
Checking Kernel Route Filtering...
Checking Martian Logging...
Checking /etc/shorewall/masq...
Checking MAC Filtration -- Phase 1...
Checking /etc/shorewall/rules...
Checking MAC Filtration -- Phase 2...
Applying Policies...
Checking /usr/share/shorewall/action.Drop for chain Drop...
Checking /usr/share/shorewall/action.Broadcast for chain Broadcast...
Checking /usr/share/shorewall/action.Reject for chain Reject...
Shorewall configuration verified
munin:test# shorewall safe-restart ./
Compiling...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/test/shorewall.conf...
Loading Modules...
Compiling /etc/shorewall/zones...
Compiling /etc/shorewall/test/interfaces...
Determining Hosts in Zones...
Locating Action Files...
Compiling /etc/shorewall/policy...
Adding Anti-smurf Rules
Adding rules for DHCP
Compiling TCP Flags filtering...
Compiling Kernel Route Filtering...
Compiling Martian Logging...
Compiling /etc/shorewall/masq...
Compiling MAC Filtration -- Phase 1...
Compiling /etc/shorewall/rules...
Compiling MAC Filtration -- Phase 2...
Applying Policies...
Compiling /usr/share/shorewall/action.Drop for chain Drop...
Compiling /usr/share/shorewall/action.Broadcast for chain Broadcast...
Compiling /usr/share/shorewall/action.Reject for chain Reject...
Generating Rule Matrix...
Creating iptables-restore input...
Shorewall configuration compiled to /var/lib/shorewall/.restart
Currently-running Configuration Saved to /var/lib/shorewall/.safe
Restarting...
Restarting Shorewall....
Initializing...
Setting up Route Filtering...
Setting up Martian Logging...
Preparing iptables-restore input...
Running /sbin/iptables-restore...
/lib/xtables/libxt_rpfilter.so: no "rpfilter" extension found for this
protocol
/lib/xtables/libxt_rpfilter.so: no "rpfilter" extension found for this
protocol
IPv4 Forwarding Enabled
done.
Do you want to accept the new firewall configuration? [y/n] y
New configuration has been accepted
munin:test#

2 errors/warnings.

Should I worry about this?

Thanks

- Øyvind

------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev

Shorewall users - Jul 2013 - routefilter or rpfilter interface option

routefilter or rpfilter interface option