Re: [Fwbuilder-discussion] some problem with generated rules (FWB 1.1.2)
From: Vadim K. <va...@vk...> - 2004-06-04 18:13:11
This is a bug; please file a bug report on the SourceForge page. A simple workaround is to use "Accept" instead of "Accounting"; it generates correct code for action Accept.

--vk

On Jun 4, 2004, at 5:43 AM, Herve Pinvidic wrote:

> Hello,
>
> I use FWB 1.1.2 on RedHat 9.
> I have a problem with the iptables rules generated by FWB.
>
> I have 3 HTTP proxies and I want to log all the HTTP connections
> not made by the proxies.
>
> My FWB rule is (on my internal interface):
> Source   Destination  Service  Action      Direction  time  option
> !proxy1
> !proxy2  any          http     ACCOUNTING  inbound    any   log
> !proxy3               https
>
> The generated rules are:
> #
> # Rule 24(eth0)
> #
> # ACCOUNTING: httpd direct
> #
> $IPTABLES -N eth0_In_RULE_24_1
> $IPTABLES -A eth0_In_RULE_24_1 -i eth0 -j RETURN
> $IPTABLES -A INPUT -i eth0 -p tcp -m multiport --destination-ports 80,443 -j eth0_In_RULE_24_1
> $IPTABLES -A FORWARD -i eth0 -p tcp -m multiport --destination-ports 80,443 -j eth0_In_RULE_24_1
> $IPTABLES -N Cid40C054BD.0
> $IPTABLES -A Cid40C054BD.0 -i eth0 -s <ip_proxy1> -j RETURN
> $IPTABLES -A Cid40C054BD.0 -i eth0 -s <ip_proxy2> -j RETURN
> $IPTABLES -A Cid40C054BD.0 -i eth0 -s <ip_proxy3> -j RETURN
> $IPTABLES -N eth0_In_RULE_24_3
> $IPTABLES -A Cid40C054BD.0 -i eth0 -j eth0_In_RULE_24_3
> $IPTABLES -A eth0_In_RULE_24_3 -j LOG --log-level info --log-prefix "RULE 24 (eth0) -- ACCOUNTING "
> $IPTABLES -N eth0_RULE_24_3
> $IPTABLES -A eth0_RULE_24_3 -j RETURN
> $IPTABLES -A eth0_In_RULE_24_3 -j eth0_RULE_24_3
> #
>
> I do not have any log !!!!
>
> If I log every connection not from proxy1, it works fine: I have
> some logs.
>
> My FWB rule is (on my internal interface):
> Source   Destination  Service  Action      Direction  time  option
> !proxy1  any          http     ACCOUNTING  inbound    any   log
>                       https
>
> The generated rules are:
> #
> # Rule 25(eth0)
> #
> # ACCOUNTING: httpd direct
> #
> $IPTABLES -N eth0_In_RULE_25
> $IPTABLES -A INPUT -i eth0 -p tcp -m multiport -s ! <ip_proxy1> --destination-ports 80,443 -j eth0_In_RULE_25
> $IPTABLES -A FORWARD -i eth0 -p tcp -m multiport -s ! <ip_proxy1> --destination-ports 80,443 -j eth0_In_RULE_25
> $IPTABLES -A eth0_In_RULE_25 -j LOG --log-level info --log-prefix "RULE 25 (eth0) -- ACCOUNTING "
> $IPTABLES -N eth0_RULE_25
> $IPTABLES -A eth0_RULE_25 -j RETURN
> $IPTABLES -A eth0_In_RULE_25 -j eth0_RULE_25
>
>
> What is wrong??
> Thanks for your help.
>
> Best Regards
> Hervé Pinvidic
>
> _______________________________________________
> Fwbuilder-discussion mailing list
> Fwb...@li...
> https://lists.sourceforge.net/lists/listinfo/fwbuilder-discussion
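The two generated rule sets quoted in the mail, traced through a small iptables chain simulator. This is an added example, not fwbuilder's own code and not something from the thread; it implements just enough of the iptables semantics the quoted rules use (user chains, `-i`, `-s` with `!`, `-p`, multiport `--destination-ports`, and `-j` to a user chain, `RETURN` or `LOG`) to show why Rule 24 logs nothing: its entry chain `eth0_In_RULE_24_1` returns unconditionally for `eth0`, and the chain `Cid40C054BD.0` that holds the proxy exclusions is never jumped to. The addresses `10.0.0.11`, `10.0.0.12` and `10.0.0.13` are constructed stand-ins for the `<ip_proxyN>` placeholders, and the `$IPTABLES` prefix, `#` comment lines and `-N` lines are dropped from the rule text.

```python
"""Trace packets through the chains fwbuilder generated for Rule 24 and Rule 25
in the mail above, showing why Rule 24 never reaches its LOG target. Added
example, not fwbuilder's code and not from the thread; it models only the
iptables subset those rules use (-i, -s with "!", -p, --destination-ports, -j)."""
import shlex

# Constructed stand-ins for the <ip_proxyN> placeholders in the mail.
PROXY1, PROXY2, PROXY3 = "10.0.0.11", "10.0.0.12", "10.0.0.13"

# The generated rules as quoted, minus the $IPTABLES prefix, "#" comments and
# the -N lines (the parser creates a chain on its first -A).
RULE_24 = f"""
-A eth0_In_RULE_24_1 -i eth0 -j RETURN
-A INPUT -i eth0 -p tcp -m multiport --destination-ports 80,443 -j eth0_In_RULE_24_1
-A FORWARD -i eth0 -p tcp -m multiport --destination-ports 80,443 -j eth0_In_RULE_24_1
-A Cid40C054BD.0 -i eth0 -s {PROXY1} -j RETURN
-A Cid40C054BD.0 -i eth0 -s {PROXY2} -j RETURN
-A Cid40C054BD.0 -i eth0 -s {PROXY3} -j RETURN
-A Cid40C054BD.0 -i eth0 -j eth0_In_RULE_24_3
-A eth0_In_RULE_24_3 -j LOG --log-level info --log-prefix "RULE 24 (eth0) -- ACCOUNTING "
-A eth0_RULE_24_3 -j RETURN
-A eth0_In_RULE_24_3 -j eth0_RULE_24_3
"""

RULE_25 = f"""
-A INPUT -i eth0 -p tcp -m multiport -s ! {PROXY1} --destination-ports 80,443 -j eth0_In_RULE_25
-A FORWARD -i eth0 -p tcp -m multiport -s ! {PROXY1} --destination-ports 80,443 -j eth0_In_RULE_25
-A eth0_In_RULE_25 -j LOG --log-level info --log-prefix "RULE 25 (eth0) -- ACCOUNTING "
-A eth0_RULE_25 -j RETURN
-A eth0_In_RULE_25 -j eth0_RULE_25
"""

SIMPLE = {"-i": "iface", "-p": "proto", "-j": "target", "--log-prefix": "prefix"}

def parse_rules(text):
    """Build {chain: [rule, ...]} from -A lines; chains are created on first use."""
    chains = {"INPUT": [], "FORWARD": []}
    for line in text.strip().splitlines():
        tok = shlex.split(line)
        rule = {"iface": None, "src": None, "src_neg": False, "proto": None,
                "dports": None, "target": None, "prefix": ""}
        i = 2                                        # tok[0] is -A, tok[1] the chain
        while i < len(tok):
            opt, arg = tok[i], tok[i + 1]
            if opt in SIMPLE:
                rule[SIMPLE[opt]] = arg
            elif opt == "-s":
                if arg == "!":                       # "-s ! addr": negated source match
                    rule["src_neg"], arg, i = True, tok[i + 2], i + 1
                rule["src"] = arg
            elif opt == "--destination-ports":
                rule["dports"] = {int(p) for p in arg.split(",")}
            elif opt not in ("-m", "--log-level"):   # module name / log level: no match effect
                raise ValueError(f"unsupported option {opt!r}: {line}")
            i += 2
        chains.setdefault(tok[1], []).append(rule)
    return chains

def matches(rule, pkt):
    """Apply the rule's -i / -s / -p / --destination-ports matches to a packet."""
    return (rule["iface"] in (None, pkt["iface"])
            and (not rule["src"] or (rule["src"] == pkt["src"]) != rule["src_neg"])
            and rule["proto"] in (None, pkt["proto"])
            and (not rule["dports"] or pkt["dport"] in rule["dports"]))

def walk(chains, chain, pkt, logs):
    """Traverse one chain as the kernel does; return a verdict or None on fall-through."""
    for rule in chains[chain]:
        if not matches(rule, pkt):
            continue
        target = rule["target"]
        if target == "RETURN":
            return None
        if target == "LOG":                 # non-terminating: record and keep going
            logs.append(rule["prefix"])
        elif target in chains:              # user chain: its fall-through resumes here
            verdict = walk(chains, target, pkt, logs)
            if verdict is not None:
                return verdict
        else:
            return target                   # ACCEPT, DROP, ...: terminating verdict
    return None

def log_prefixes(chains, base_chain, pkt):
    """Every LOG prefix a packet entering base_chain would emit."""
    logs = []
    walk(chains, base_chain, pkt, logs)
    return logs

def unreferenced_chains(chains):
    """User chains nothing jumps to: a sign the generator lost part of the rule."""
    jumped = {r["target"] for rules in chains.values() for r in rules}
    return {c for c in chains if c not in ("INPUT", "FORWARD") and c not in jumped}

def http_packet(src, iface="eth0", dport=80):
    return {"iface": iface, "src": src, "proto": "tcp", "dport": dport}
```

Calling `log_prefixes(parse_rules(RULE_24), "FORWARD", http_packet("10.0.0.50"))` returns an empty list for a non-proxy client, while the same call against `RULE_25` returns the "RULE 25" prefix; `unreferenced_chains(parse_rules(RULE_24))` names the orphaned `Cid40C054BD.0` chain. Checking generated rule sets for orphaned chains and for entry chains that return before any match is a cheap sanity test to run on any compiler-produced firewall script before loading it.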