[Firehol-support] Warning with policy logging
Gabriel CORRE
gac at 4js.com
Wed Oct 19 18:14:06 BST 2005
I want:
- to log what is rejected by the policy
- to log which client protocols I forgot to authorise
- not to log client protocols that are already known
When I use the firehol "log" command after the "policy" command,
I get this warning:
WARNING
WHAT : Finilizing interface 'lan'
WHY : Overwritting param: log 'limit/IN-lan' becomes 'normal/LAN_REJECT'
COMMAND: interface eth0 lan_bcast dst 10.0.0.255/32
SOURCE : line 72 of /etc/firehol/firehol.conf
Have I done something incorrectly?
Does this warning really mean something?
How can I do what I want in the best config way?
This is a part of my firehol.conf:
46:interface eth0 lan src "${lan_ips}" dst "${myip}"
47: policy reject log LAN_REJECT
48: protection all
49:
50: server ssh accept
51: server icmp accept
52: server ident reject with tcp-reset
53:
54: client ssh accept
55: client dns accept
[...]
67: client ... accept
68: client ... accept
69: client ... accept
70: client all accept log LAN_OK
71:
72:interface eth0 lan_bcast dst "${lanbcast_ip}"
73: policy drop log LANBCAST_REJECT
[...]
Thanks
--
Gabriel CORRE
gac at 4js.com - Four J's Development Tools - www.4js.com