Hi everybody

On 06.05.2018 at 08:22, Tuomo Soini wrote:
> On Sat, 5 May 2018 23:21:21 +0200
> Erich Titl <erich.t...@think.ch> wrote:
> 
...

> 
> Please note: action.Reject is deprecated. Not REJECT. And same for
> action.Drop versus DROP.

#SOURCE         DEST            POLICY  LOGLEVEL        LIMIT   CONNLIMIT
loc     net    ACCEPT
loc     vpn    ACCEPT
net     all    DROP
# If you want open access to the Internet from your Firewall
# remove the comment from the following line.
fw             net             ACCEPT
# THE FOLLOWING POLICY MUST BE LAST
#
all           all             REJECT          NFLOG(4)

looks correct to me


I believe I found the culprit in shorewall.conf, which was saved on my
system with the following DEFAULT actions

###############################################################################
#               D E F A U L T   A C T I O N S / M A C R O S
###############################################################################

#ACCEPT_DEFAULT="none"
#BLACKLIST_DEFAULT="dropBcasts,dropNotSyn,dropInvalid"
#DROP_DEFAULT="Drop"
#NFQUEUE_DEFAULT="none"
#QUEUE_DEFAULT="none"
#REJECT_DEFAULT="Reject"

ACCEPT_DEFAULT=none
BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,Drop
DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)"
NFQUEUE_DEFAULT=none
QUEUE_DEFAULT=none
REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)"

As you can see, I commented them out now and replaced them with the
default settings from the documentation and the warning goes away.

Would it be possible to fix this with shorewall update?

cheers

ET
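
[Added example, not part of the original message and not Shorewall project code: a small checker for the situation described above, where an active *_DEFAULT setting in shorewall.conf still names the deprecated Drop or Reject action. The function names are hypothetical and the sample file contents are constructed from the old values quoted in this message.]

```python
import re

# Deprecated action names named in this thread (case-sensitive: the
# DROP and REJECT policies are not deprecated).
DEPRECATED_ACTIONS = {"Drop", "Reject"}
SETTING_RE = re.compile(r'^\s*([A-Z]+_DEFAULT)\s*=\s*(.*?)\s*$')


def action_names(value):
    """Split a *_DEFAULT value into bare action names."""
    value = value.strip().strip('"\'')
    names = []
    # Split on commas that are not inside a '(params)' group.
    for entry in re.split(r',(?![^()]*\))', value):
        name = re.split(r'[(:]', entry.strip(), maxsplit=1)[0]
        if name:
            names.append(name)
    return names


def find_deprecated_defaults(conf_text):
    """Return (line_no, setting, action) for each active deprecated default."""
    findings = []
    for line_no, line in enumerate(conf_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # commented-out settings are inactive
        match = SETTING_RE.match(line)
        if not match:
            continue
        setting, value = match.groups()
        for name in action_names(value):
            if name in DEPRECATED_ACTIONS:
                findings.append((line_no, setting, name))
    return findings


# Constructed sample: old values from this message, one made active again.
SAMPLE_CONF = '''\
ACCEPT_DEFAULT="none"
BLACKLIST_DEFAULT="dropBcasts,dropNotSyn,dropInvalid"
DROP_DEFAULT="Drop"
#REJECT_DEFAULT="Reject"
REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)"
'''

if __name__ == "__main__":
    for line_no, setting, name in find_deprecated_defaults(SAMPLE_CONF):
        print(f"line {line_no}: {setting} uses deprecated action {name}")
```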

