Re: [Shorewall-devel] Shorewall 4.4.20 Beta 3

> 'man shorewall.conf' and look for TCP_FLAGS_LOG_LEVEL
>
> [...]
> Look at the first rule again. Apparently, there is an optional interface
> that is not currently up so Shorewall uses an unmatchable address
> (0.0.0.0) in that case.
>
> [...]
>
> man shorewall.conf and look for SMURF_LOG_LEVEL
>
That did it - all of the smurflogs and tcplogs chains are gone now - as
they should. As for this interface which isn't running - it is my tun0
device, though I have a reference (i.e. a jump) to the smurfs chain from
net2fw (it follows immediately after blacklst), so I am not sure that's
right.

I have also discovered this little gem:

Chain AReject (0 references)
 pkts bytes target prot opt in out source
destination
 0 0 all -- * * 0.0.0.0/0 0.0.0.0/0
  0 0 A_REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 /* Auth */

I am not at all clear how the first statement will be executed!

------------------------------------------------------------------------------
vRanger cuts backup time in half-while increasing security.
With the market-leading solution for virtual backup and recovery,
you get blazing-fast, flexible, and affordable data protection.
Download your free trial now.
http://p.sf.net/sfu/quest-d2dcopy1
_______________________________________________
Shorewall-devel mailing list
Shorewall-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-devel

• This message: [ Message body ]
• Next message: Mr Dash Four: "Re: [Shorewall-devel] Shorewall 4.4.20 Beta 3"
• Previous message: Tom Eastep: "Re: [Shorewall-devel] Shorewall 4.4.20 Beta 3"
• In reply to: Tom Eastep: "Re: [Shorewall-devel] Shorewall 4.4.20 Beta 3"
• Next in thread: Tom Eastep: "Re: [Shorewall-devel] Shorewall 4.4.20 Beta 3"
• Reply: Tom Eastep: "Re: [Shorewall-devel] Shorewall 4.4.20 Beta 3"

• Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]