[Firehol-support] Warning with policy logging

Gabriel CORRE gac at 4js.com
Wed Oct 19 19:14:06 CEST 2005


I want to:
- log what is rejected by policy
- log which client protocols I forgot to authorise
- not log client protocols that are already known


When I use the firehol "log" command after the "policy" command,
I get this warning:

WARNING
WHAT   : Finilizing interface 'lan'
WHY    : Overwritting param: log 'limit/IN-lan' becomes 'normal/LAN_REJECT'
COMMAND: interface eth0 lan_bcast dst 10.0.0.255/32
SOURCE : line 72 of /etc/firehol/firehol.conf

Have I done something incorrectly?
Does this warning really mean something?
How can I do what I want with the best configuration?

This is a part of my firehol.conf:

46:interface eth0 lan src "${lan_ips}" dst "${myip}"
47:        policy reject log LAN_REJECT
48:        protection all
49:
50:        server ssh              accept
51:        server icmp             accept
52:        server ident            reject with tcp-reset
53:
54:        client ssh              accept
55:        client dns              accept
[...]
67:        client ...              accept
68:        client ...              accept
69:        client ...              accept
70:        client all              accept log LAN_OK
71:
72:interface eth0 lan_bcast dst "${lanbcast_ip}"
73:        policy drop log LANBCAST_REJECT
[...]


Thanks

-- 
Gabriel CORRE
gac at 4js.com - Four J's Development Tools - www.4js.com



