similar to: Metalog and Shorewall

I want to use fprobe-ulog (http://fprobe.sourceforge.net/) to generate NetFlow information about traffic going through my router. The question is how to get the logging rules added to the appropriate chains (I''m assuming eth2_in and eth2_out in my case)? I''m using the perl version of shorewall 4.0.6. -- Orion Poplawski Technical Manager 303-415-9701

http://shorewall.net/pub/shorewall/Alpha/shorewall-2.0.0 ftp://shorewall.net/pub/shorewall/Alpha/shorewall-2.0.0 See if this change to proxy arp is more palatable. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

On 28/07/2010 15:45, shorewall-users-request@lists.sourceforge.net wrote: > On 7/28/10 1:50 AM, Andrea Perdicchia wrote: > >> > Hi all, >> > Is possible log mac address in shorewall? >> > I try all configuration "debug,info..." in /etc/shorewall/shorewall.conf >> > but in /var/log/messages the log show only few information and not mac

Dear all: Im using shorewall 2.0.3a (debian) w/ ULOG. shorewall starts ok, and the firewall is running, but nothing is printed on the logs. I try, for example, to do a connection to a port that is opened on the server but closed by the FW and I get a connection refused. If I stop the firewall, this port is accesible from the outside. I think I''ve followed all the steps on

hi, if i would like to use ulog (in order to split netfilter messages from other kernel messages), than i have to set all loglevel to ULOG? and then is there any way to define diferent loglevel for eg. maclist? thanks in advance. yours. ps. it''s a bit confusing that all loglevel parameter name is LOG_LEVEL except BLACKLIST_LOGLEVEL:-( -- Levente

Dear newfound friends, please be patient. For me reading and writing in English is more painful than dissecting IP traces :) I have tried reading through the FAQ but could not quite understand: I would like the logs to be terser. I think I can live without MAC, LEN, TOS, PREC, TTL, ID fields normally (maybe need them only in special situations). Could not understand if/how I can achieve this.

Hi, I have 2 Debian testing boxes running a very similar setup (both running the latest aptosid kernel); on one of them, since the iptables/libxtables10 packages have been upgraded from 1.4.19.1-1 to 1.4.20-2, shorewall-init can''t start shorewall anymore and for this reason ifupdown also fails triggering firewall up. Shorewall can be successfully started later on, and ifupdown starts

Hello all, I am trying to implement intrinsics __readeflags and __writeeflags reading and writing EFLAGS register on x86. These intrinsics expand to two instructions popf and push to register for __readeflags and pushf and pop to register for __writeeflags. These instructions are not connected explicitly so I can't use patterns in .td file to match intrinsics. I tried to implement custom

Hello, I installed my linux server for 3 months now. It does almost everything (dns, web & mail server, firewall ...). I just encounterd two problems with the firewall: behind this server there are 2 computers: i got emule on one and msn on the other. The problem is that I can''t configure well the firewall fore these 2 rules. I''ve added DNAT rules but it

These intrinsics are introduced for compatibility purposes. Besides MSVC GCC also supports it in its main trunk; ICC supports it on Windows and is going to support in the next version on Linux. 2013/12/18 Joerg Sonnenberger <joerg at britannica.bec.de> > On Tue, Dec 17, 2013 at 01:05:10PM -0800, David Majnemer wrote: > > This intrinsic seems very ill-defined, apparently it can be

Hi. I have a Server''s network with some servers in it, all with 192.168.1.0/25 ips. There is also a router in that network with ip 192.168.1.1. This router also connected to a client''s network 10.10.0.0/16 with ip 10.10.100.1. All services on each server are given their virtual address from one of two virtual networks 192.168.1.128/28 and 192.168.1.144/28. 192.168.1.128/28 is

OK. Let me preface by saying I''ve read http://www.shorewall.net/shorewall_logging.html; http://www.shorewall.net/FAQ.htm -- FAQs 6,6a,tb,tc,6d,16,17 and 21; http://marc.theaimsgroup.com/?l=gentoo-security&amp;m=106040714910563&amp;w=2; http://www.shorewall.net/troubleshoot.htm; man syslog; man 3 syslog; man syslogd; man klogd; man printk; man dmesg; skimmed through all of the

Hi, I''ve just recently switched off my (lame) hardware firewall onto an old box running linux 2.4.18, iptables 1.2.6 and shorewall 1.2.9. I''m kinda new to linux firewalling myself but so far Shorewall has taken much work from me. While reading myself into iptables I saw that just recently something called ULOG (userspace logging) has been implemented in newer kernels and

I think you can change the existing firewall logging code for log_rule_limit (where you have one case for for LOGRULENUMBERS and another almost identical case without) down to this slightly shorter version with no duplication (excerpt): if [ -n "$LOGRULENUMBERS" ]; then eval rulenum=\$${chain}_logrules [ -z "$rulenum" ] && rulenum=1 fi case

Hello, I tried Shorewall for the first time today. I am currently using an up-to-date installation of Debian Sid, which has shorewall 4.2.10, shorewall-shell 4.2.10 and shorewall-perl 4.2.10.1. I noticed that even though I had the following /etc/shorewall/policy file, iptables would still show LOG rules at the end of the INPUT and OUTPUT chains instead of ULOG rules. (Other logging related rules

I have tried using iptraf for my NAT firewall to analyse the IP traffic. Basically I am faced with this difficulty of related the source IP to the outgoing interface to the internet, so I am wondering if anyone has a suggestion for a different ways to do it, or a suggestion for a better tool. Details :- Supposed : eth0 - LAN eth1 - WAN1 eth2 - WAN2 And then

I''m noticing some weirdness in my ulog files with version 2.0.10. Here is a portion of the log: Jan 7 11:01:37 rancor Shorewall:loc2fw:AllowWOL: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:95:b2:11:4c:08:00 SRC=192.168.0.100 DST=192.168.0.255 LEN=97 TOS=00 PREC=0x00 TTL=64 ID=44155 CE PROTO=UDP SPT=631 DPT=631 LEN=77 Jan 7 11:01:39 rancor Shorewall:loc2fw:AllowWOL: IN=eth1 OUT=

https://bugzilla.mindrot.org/show_bug.cgi?id=2693 Bug ID: 2693 Summary: ssh: Include'ed host is not resolved by ssh Product: Portable OpenSSH Version: 7.4p1 Hardware: amd64 OS: Linux Status: NEW Severity: normal Priority: P5 Component: ssh Assignee: unassigned-bugs at

I have tried (RH7.3/shorewall-1.3.12-1) both of the following in shorewall.conf to eliminate ''rfc1918'' logging into /var/log/messages: RFC1918_LOG_LEVEL=debug RFC1918_LOG_LEVEL=notice Neither appear to eliminate the logging. Here''s what the ''logdrop'' chain shows: 1 229 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix \

I have a three interface network (net,loc,dmz). The internet interface (eth0) has a static IP. Windows machine in the local network (eth1) use DHCP to get IPs from the 192.168.10.0/24 netblock. The Debian machine in the DMZ (eth2) gets a fixed IP through DHCP in the 192.168.11.0/24 netblock. The DHCP server is running on the firewall machine (not ideal, I know, but that''s the way