Mailing List for Experienced Users of Shoreline Firewall (Shorewall)

alex | 19 Jul 2012 12:57

Picon

Invalid log prefix with default settings

Hello,
With Shorewall 4.5.6 as result I see the following messages in system log:

Jul 19 13:48:29 epbyminw1174 kernel: [297475.206577] --log-prefixIN=tun0 OUT= MAC= SRC=a.b.c.d DST=w.x.y.z LEN=60 TOS=0x10 PREC=0x00 TTL=63 ID=32085 DF PROTO=TCP SPT=51910 DPT=55 WINDOW=5840 RES=0x00 SYN URGP=0

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

Tom Eastep | 19 Jul 2012 16:00

Re: Invalid log prefix with default settings

On 07/19/2012 03:57 AM, alex wrote:
>     Hello,
>     With Shorewall 4.5.6 as result I see the following messages in
> system log:
> 
> Jul 19 13:48:29 epbyminw1174 kernel: [297475.206577] --log-prefixIN=tun0
> OUT= MAC= SRC=a.b.c.d DST=w.x.y.z LEN=60 TOS=0x10 PREC=0x00 TTL=63
> ID=32085 DF PROTO=TCP SPT=51910 DPT=55 WINDOW=5840 RES=0x00 SYN URGP=0

It's a bug in iptables-restore that has been discussed recently on this
list.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

alex | 19 Jul 2012 16:33

Picon

Re: Invalid log prefix with default settings

Thank you and excuse me for repeated question.

Tom, I sent you new macro 'macro.NFS4' some tomes ago:

#
# Shorewall version 4 NFS4 Macro
#
# /usr/share/shorewall/macro.NFS4
#
#       This macro handles NFSv4 traffic.
#
###############################################################################
#ACTION SOURCE DEST    PROTO   DEST    SOURCE RATE    USER/
#                               PORT(S) PORT(S) LIMIT   GROUP
PARAM   -       -       tcp     2049
PARAM   -       -       udp     2049

I don't see it in latest Shorewall version. Do you see it is useless?

2012/7/19 Tom Eastep <teastep <at> shorewall.net>

On 07/19/2012 03:57 AM, alex wrote:
> Hello,
> With Shorewall 4.5.6 as result I see the following messages in
> system log:
>
> Jul 19 13:48:29 epbyminw1174 kernel: [297475.206577] --log-prefixIN=tun0
> OUT= MAC= SRC=a.b.c.d DST=w.x.y.z LEN=60 TOS=0x10 PREC=0x00 TTL=63
> ID=32085 DF PROTO=TCP SPT=51910 DPT=55 WINDOW=5840 RES=0x00 SYN URGP=0

It's a bug in iptables-restore that has been discussed recently on this
list.

-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Shorewall-users mailing list
Shorewall-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

Tom Eastep | 19 Jul 2012 17:36

Re: Invalid log prefix with default settings

On 07/19/2012 07:33 AM, alex wrote:
> Thank you and excuse me for repeated question.
>
> Tom, I sent you new macro 'macro.NFS4' some tomes ago:
>
> #
> # Shorewall version 4 NFS4 Macro
> #
> # /usr/share/shorewall/macro.NFS4
> #
> #       This macro handles NFSv4 traffic.
> #
> ###############################################################################
> #ACTION SOURCE  DEST    PROTO   DEST    SOURCE  RATE    USER/
> #                               PORT(S) PORT(S) LIMIT   GROUP
> PARAM   -       -       tcp     2049
> PARAM   -       -       udp     2049
>
>
> I don't see it in latest Shorewall version. Do you see it is useless?

It requires a particular NFS configuration setup and it doesn't cover 
all of the services required by NFS. So I have chosen not to include it.

-Tom
--

-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

alex | 19 Jul 2012 18:16

Picon

Re: Invalid log prefix with default settings

As I know it covers all NFS4 (not early NFS versions) services. At least it works for me.

2012/7/19 Tom Eastep <teastep <at> shorewall.net>

On 07/19/2012 07:33 AM, alex wrote:
> Thank you and excuse me for repeated question.
>
> Tom, I sent you new macro 'macro.NFS4' some tomes ago:
>
> #
> # Shorewall version 4 NFS4 Macro
> #
> # /usr/share/shorewall/macro.NFS4
> #
> # This macro handles NFSv4 traffic.
> #
> ###############################################################################
> #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/
> # PORT(S) PORT(S) LIMIT GROUP
> PARAM - - tcp 2049
> PARAM - - udp 2049
>
>
> I don't see it in latest Shorewall version. Do you see it is useless?

It requires a particular NFS configuration setup and it doesn't cover
all of the services required by NFS. So I have chosen not to include it.

-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Shorewall-users mailing list
Shorewall-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

Bill Shirley | 20 Jul 2012 08:10

Re: Invalid log prefix with default settings

On 7/19/2012 10:00 AM, Tom Eastep wrote:
> On 07/19/2012 03:57 AM, alex wrote:
>>      Hello,
>>      With Shorewall 4.5.6 as result I see the following messages in
>> system log:
>>
>> Jul 19 13:48:29 epbyminw1174 kernel: [297475.206577] --log-prefixIN=tun0
>> OUT= MAC= SRC=a.b.c.d DST=w.x.y.z LEN=60 TOS=0x10 PREC=0x00 TTL=63
>> ID=32085 DF PROTO=TCP SPT=51910 DPT=55 WINDOW=5840 RES=0x00 SYN URGP=0
> It's a bug in iptables-restore that has been discussed recently on this
> list.
>
> -Tom
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users <at> lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users

Fedora 17 has a fix:

# su -c 'yum update --enablerepo=updates-testing iptables-1.4.14-2.fc17'

Works for me.

Bill

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

alex | 20 Jul 2012 10:12

Picon

Re: Invalid log prefix with default settings

Great!
Thank you very much, Bill.
It is exactly my case (FC17).
Logging really works fine after fix was installed.

2012/7/20 Bill Shirley <bill <at> ultrapoly.polymerindustries.biz>

On 7/19/2012 10:00 AM, Tom Eastep wrote:
> On 07/19/2012 03:57 AM, alex wrote:
>> Hello,
>> With Shorewall 4.5.6 as result I see the following messages in
>> system log:
>>
>> Jul 19 13:48:29 epbyminw1174 kernel: [297475.206577] --log-prefixIN=tun0
>> OUT= MAC= SRC=a.b.c.d DST=w.x.y.z LEN=60 TOS=0x10 PREC=0x00 TTL=63
>> ID=32085 DF PROTO=TCP SPT=51910 DPT=55 WINDOW=5840 RES=0x00 SYN URGP=0
> It's a bug in iptables-restore that has been discussed recently on this
> list.
>
> -Tom
>
>

> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users <at> lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users

Fedora 17 has a fix:

# su -c 'yum update --enablerepo=updates-testing iptables-1.4.14-2.fc17'

Works for me.

Bill

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Shorewall-users mailing list
Shorewall-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

Return

Return to gmane.comp.security.shorewall.

Project Web Page

Mailing List for Experienced Users of Shoreline Firewall (Shorewall)

Search Archive

Language

Change language

Options

Current view: Threads only / Showing whole messages / Not hiding cited text.
Change to All messages, shortened messages, or hide cited text.

Post a message
NNTP Newsgroup
Classic Gmane web interface
XML

XML

RSS Feed
List Information

About Gmane