On 05/06/2018 07:03 AM, Erich Titl wrote:
> Hi everybody
> 
> On 06.05.2018 at 08:22, Tuomo Soini wrote:
>> On Sat, 5 May 2018 23:21:21 +0200
>> Erich Titl <erich.t...@think.ch> wrote:
>>
> ...
> 
>>
>> Please note: action.Reject is deprecated. Not REJECT. And same for
>> action.Drop versus DROP.
> 
> #SOURCE         DEST            POLICY  LOGLEVEL        LIMIT   CONNLIMIT
> loc     net    ACCEPT
> loc     vpn    ACCEPT
> net     all    DROP
> # If you want open access to the Internet from your Firewall
> # remove the comment from the following line.
> fw             net             ACCEPT
> # THE FOLLOWING POLICY MUST BE LAST
> #
> all           all             REJECT          NFLOG(4)
> 
> looks correct to me
> 
> 
> I believe I found the culprit in shorewall.conf, which was saved on my
> system with the following DEFAULT actions
> 
> ###############################################################################
> #               D E F A U L T   A C T I O N S / M A C R O S
> ###############################################################################
> 
> #ACCEPT_DEFAULT="none"
> #BLACKLIST_DEFAULT="dropBcasts,dropNotSyn,dropInvalid"
> #DROP_DEFAULT="Drop"
> #NFQUEUE_DEFAULT="none"
> #QUEUE_DEFAULT="none"
> #REJECT_DEFAULT="Reject"
> 
> ACCEPT_DEFAULT=none
> BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,Drop
> DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)"
> NFQUEUE_DEFAULT=none
> QUEUE_DEFAULT=none
> REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)"
> 
> As you can see, I commented them out now and replaced them with the
> default settings from the documentation and the warning goes away.
> 
> Would it be possible to fix this with shorewall update?
> 

'shorewall update' does fix this in 5.2.0.

-Tom
-- 
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________
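
A way to audit a shorewall.conf for the condition discussed in this thread, as an added example that is not part of the original messages or of Shorewall itself: it reports active `*_DEFAULT` settings that name the `Drop` or `Reject` actions described above as deprecated. The function name, the sample file and the assumed value syntax (comma-separated actions with optional `(params)` and `:loglevel`, as in the quoted settings) are constructed for illustration.

```python
import re

# Actions the thread names as deprecated (action.Drop, action.Reject).
DEPRECATED_ACTIONS = {"Drop", "Reject"}
# An active (uncommented) NAME_DEFAULT=value line.
SETTING_RE = re.compile(r"^\s*([A-Z]+_DEFAULT)\s*=\s*(.*)$")
# Commas that separate actions, not commas inside an action's (...) parameters.
ACTION_SEP_RE = re.compile(r",(?![^()]*\))")


def find_deprecated_defaults(conf_text):
    """Return (line_no, option, action) for each deprecated default action."""
    findings = []
    for line_no, line in enumerate(conf_text.splitlines(), start=1):
        match = SETTING_RE.match(line)
        if not match:
            continue  # comments, blank lines and unrelated options
        option, value = match.groups()
        value = value.strip().strip("\"'")
        for item in ACTION_SEP_RE.split(value):
            # Drop the "(params)" and ":loglevel" suffixes, keep the bare name.
            name = re.split(r"[(:]", item.strip(), maxsplit=1)[0]
            if name in DEPRECATED_ACTIONS:  # case-sensitive: DROP is not Drop
                findings.append((line_no, option, name))
    return findings


# Constructed sample, modelled on the settings quoted in the thread.
SAMPLE_CONF = """\
#DROP_DEFAULT="Drop"
ACCEPT_DEFAULT=none
DROP_DEFAULT="Drop"
REJECT_DEFAULT="Reject:info,Broadcast(DROP)"
BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL"
"""

if __name__ == "__main__":
    for line_no, option, action in find_deprecated_defaults(SAMPLE_CONF):
        print(f"line {line_no}: {option} uses deprecated action {action}")
```

The match is case-sensitive and on the whole action name, so the `DROP` and `REJECT` policies and parameters such as `Broadcast(DROP)` are not reported.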
