On 05/06/2018 07:03 AM, Erich Titl wrote:
> Hi everybody
>
> On 06.05.2018 at 08:22, Tuomo Soini wrote:
>> On Sat, 5 May 2018 23:21:21 +0200
>> Erich Titl <erich.t...@think.ch> wrote:
>>
> ...
>
>>
>> Please note: action.Reject is deprecated. Not REJECT. And same for
>> action.Drop versus DROP.
>
> #SOURCE DEST POLICY LOGLEVEL LIMIT CONNLIMIT
> loc net ACCEPT
> loc vpn ACCEPT
> net all DROP
> # If you want open access to the Internet from your Firewall
> # remove the comment from the following line.
> fw net ACCEPT
> # THE FOLLOWING POLICY MUST BE LAST
> #
> all all REJECT NFLOG(4)
>
> looks correct to me
>
>
> I believe I found the culprit in shorewall.conf, which was saved on my
> system with the following DEFAULT actions
>
> ###############################################################################
> # D E F A U L T A C T I O N S / M A C R O S
> ###############################################################################
>
> #ACCEPT_DEFAULT="none"
> #BLACKLIST_DEFAULT="dropBcasts,dropNotSyn,dropInvalid"
> #DROP_DEFAULT="Drop"
> #NFQUEUE_DEFAULT="none"
> #QUEUE_DEFAULT="none"
> #REJECT_DEFAULT="Reject"
>
> ACCEPT_DEFAULT=none
> BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,Drop
> DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)"
> NFQUEUE_DEFAULT=none
> QUEUE_DEFAULT=none
> REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)"
>
> As you can see, I commented them out now and replaced them with the
> default settings from the documentation and the warning goes away.
>
> Would it be possible to fix this with shorewall update?
>

'shorewall update' does fix this in 5.2.0.

-Tom
-- 
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
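
The check discussed in this thread, as an added example that is not part of the original messages or of Shorewall itself: it scans shorewall.conf text for active *_DEFAULT settings that still name the Drop or Reject actions, and leaves the upper-case DROP and REJECT targets alone. The function names are hypothetical and SAMPLE_CONF is constructed from values quoted in the thread.

```python
import re

# Action names the thread identifies as deprecated (action.Drop, action.Reject).
# The upper-case targets DROP and REJECT are different names and are not flagged.
DEPRECATED_ACTIONS = {"Drop", "Reject"}

# Matches e.g. DROP_DEFAULT="Drop" or ACCEPT_DEFAULT=none (quotes optional).
SETTING_RE = re.compile(r'^\s*([A-Z_]+_DEFAULT)\s*=\s*"?([^"#]*)"?')

# Split the action list on commas that are not inside "(...)" parameters.
ENTRY_SPLIT_RE = re.compile(r',(?![^()]*\))')


def action_name(entry):
    """Strip a ':loglevel' suffix and '(params)' from one list entry."""
    return entry.split(":", 1)[0].split("(", 1)[0].strip()


def find_deprecated_defaults(conf_text):
    """Return (line_no, option, action) for each deprecated default action."""
    findings = []
    for line_no, line in enumerate(conf_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # commented-out settings are inactive
        match = SETTING_RE.match(line)
        if not match:
            continue
        option, value = match.groups()
        for entry in ENTRY_SPLIT_RE.split(value):
            name = action_name(entry)
            if name in DEPRECATED_ACTIONS:
                findings.append((line_no, option, name))
    return findings


# Constructed sample: one old-style setting still active, one commented out,
# and one already replaced with the documented default.
SAMPLE_CONF = '''\
ACCEPT_DEFAULT="none"
BLACKLIST_DEFAULT="dropBcasts,dropNotSyn,dropInvalid"
DROP_DEFAULT="Drop"
#REJECT_DEFAULT="Reject"
REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)"
'''

if __name__ == "__main__":
    for line_no, option, name in find_deprecated_defaults(SAMPLE_CONF):
        print(f"line {line_no}: {option} uses deprecated action {name}")
```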