API tools faq
paste
AndrzejL

shorewall diagnostics

AndrzejL
Dec 14th, 2012
166
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 8.83 KB | None | 0 0
raw download clone embed print report
  1. [root@wishmacer andrzejl]# date > /var/log/shorewall.log
  2. [root@wishmacer andrzejl]# date > /var/log/shorewall-init.log
  3. [root@wishmacer andrzejl]# systemctl stop shorewall.service
  4. [root@wishmacer andrzejl]# systemctl start shorewall.service
  5. [root@wishmacer andrzejl]# cat /var/log/shorewall.log
  6. Fri 14 Dec 13:11:49 GMT 2012
  7. [root@wishmacer andrzejl]# cat /var/log/shorewall-init.log
  8. Fri 14 Dec 13:11:56 GMT 2012
  9. Dec 14 13:12:18 Stopping Shorewall....
  10. Dec 14 13:12:18 Processing /etc/shorewall/stop ...
  11. Dec 14 13:12:18 Processing /etc/shorewall/tcclear ...
  12. Dec 14 13:12:18 Running /usr/sbin/iptables-restore...
  13. Dec 14 13:12:18 IPv4 Forwarding Enabled
  14. Dec 14 13:12:18 Processing /etc/shorewall/stopped ...
  15. Dec 14 13:12:18 done.
  16. Dec 14 13:12:24 Processing /etc/shorewall/params ...
  17. Dec 14 13:12:24 Processing /etc/shorewall/shorewall.conf...
  18. Dec 14 13:12:24 Loading Modules...
  19. Dec 14 13:12:24 Compiling /etc/shorewall/zones...
  20. Dec 14 13:12:24 Compiling /etc/shorewall/interfaces...
  21. Dec 14 13:12:24 Interface "net eth0 -" Validated
  22. Dec 14 13:12:24 Determining Hosts in Zones...
  23. Dec 14 13:12:24 net (ipv4)
  24. Dec 14 13:12:24 eth0:0.0.0.0/0
  25. Dec 14 13:12:24 fw (firewall)
  26. Dec 14 13:12:24 Locating Action Files...
  27. Dec 14 13:12:24 Compiling /usr/share/shorewall/action.Drop for chain Drop...
  28. Dec 14 13:12:24 ..Expanding Macro /usr/share/shorewall/macro.Auth...
  29. Dec 14 13:12:24 Rule "PARAM - - tcp 113" Compiled
  30. Dec 14 13:12:24 ..End Macro /usr/share/shorewall/macro.Auth
  31. Dec 14 13:12:24 Compiling /usr/share/shorewall/action.Broadcast for chain Broadcast...
  32. Dec 14 13:12:24 ..Expanding Macro /usr/share/shorewall/macro.AllowICMPs...
  33. Dec 14 13:12:24 Rule "PARAM - - icmp fragmentation-needed" Compiled
  34. Dec 14 13:12:24 Rule "PARAM - - icmp time-exceeded" Compiled
  35. Dec 14 13:12:24 ..End Macro /usr/share/shorewall/macro.AllowICMPs
  36. Dec 14 13:12:24 Compiling /usr/share/shorewall/action.Invalid for chain Invalid...
  37. Dec 14 13:12:24 ..Expanding Macro /usr/share/shorewall/macro.SMB...
  38. Dec 14 13:12:24 Rule "PARAM - - udp 135,445" Compiled
  39. Dec 14 13:12:24 Rule " PARAM - - udp 137:139" Compiled
  40. Dec 14 13:12:24 Rule "PARAM - - udp 1024: 137" Compiled
  41. Dec 14 13:12:24 Rule "PARAM - - tcp 135,139,445" Compiled
  42. Dec 14 13:12:24 ..End Macro /usr/share/shorewall/macro.SMB
  43. Dec 14 13:12:24 ..Expanding Macro /usr/share/shorewall/macro.DropUPnP...
  44. Dec 14 13:12:24 Rule "PARAM - - udp 1900" Compiled
  45. Dec 14 13:12:24 ..End Macro /usr/share/shorewall/macro.DropUPnP
  46. Dec 14 13:12:24 Compiling /usr/share/shorewall/action.NotSyn for chain NotSyn...
  47. Dec 14 13:12:24 ..Expanding Macro /usr/share/shorewall/macro.DropDNSrep...
  48. Dec 14 13:12:24 Rule "PARAM - - udp - 53" Compiled
  49. Dec 14 13:12:24 ..End Macro /usr/share/shorewall/macro.DropDNSrep
  50. Dec 14 13:12:24 Compiling /usr/share/shorewall/action.Reject for chain Reject...
  51. Dec 14 13:12:24 ..Expanding Macro /usr/share/shorewall/macro.Auth...
  52. Dec 14 13:12:24 Rule "PARAM - - tcp 113" Compiled
  53. Dec 14 13:12:24 ..End Macro /usr/share/shorewall/macro.Auth
  54. Dec 14 13:12:24 ..Expanding Macro /usr/share/shorewall/macro.AllowICMPs...
  55. Dec 14 13:12:24 Rule "PARAM - - icmp fragmentation-needed" Compiled
  56. Dec 14 13:12:24 Rule "PARAM - - icmp time-exceeded" Compiled
  57. Dec 14 13:12:24 ..End Macro /usr/share/shorewall/macro.AllowICMPs
  58. Dec 14 13:12:24 ..Expanding Macro /usr/share/shorewall/macro.SMB...
  59. Dec 14 13:12:24 Rule "PARAM - - udp 135,445" Compiled
  60. Dec 14 13:12:24 Rule " PARAM - - udp 137:139" Compiled
  61. Dec 14 13:12:24 Rule "PARAM - - udp 1024: 137" Compiled
  62. Dec 14 13:12:24 Rule "PARAM - - tcp 135,139,445" Compiled
  63. Dec 14 13:12:24 ..End Macro /usr/share/shorewall/macro.SMB
  64. Dec 14 13:12:24 ..Expanding Macro /usr/share/shorewall/macro.DropUPnP...
  65. Dec 14 13:12:24 Rule "PARAM - - udp 1900" Compiled
  66. Dec 14 13:12:24 ..End Macro /usr/share/shorewall/macro.DropUPnP
  67. Dec 14 13:12:24 ..Expanding Macro /usr/share/shorewall/macro.DropDNSrep...
  68. Dec 14 13:12:24 Rule "PARAM - - udp - 53" Compiled
  69. Dec 14 13:12:24 ..End Macro /usr/share/shorewall/macro.DropDNSrep
  70. Dec 14 13:12:24 Compiling /etc/shorewall/policy...
  71. Dec 14 13:12:24 Policy for fw to net is ACCEPT using chain fw2net
  72. Dec 14 13:12:24 Policy for net to fw is DROP using chain net2all
  73. Dec 14 13:12:24 Policy for net to fw is REJECT using chain all2all
  74. Dec 14 13:12:24 Policy for fw to net is REJECT using chain all2all
  75. Dec 14 13:12:24 Running /etc/shorewall/initdone...
  76. Dec 14 13:12:24 Compiling Kernel Route Filtering...
  77. Dec 14 13:12:24 Compiling Martian Logging...
  78. Dec 14 13:12:24 Compiling /etc/shorewall/tcrules...
  79. Dec 14 13:12:24 Compiling MAC Filtration -- Phase 1...
  80. Dec 14 13:12:24 Chain eth0_iop deleted
  81. Dec 14 13:12:24 Chain eth0_fop deleted
  82. Dec 14 13:12:24 Compiling /etc/shorewall/rules...
  83. Dec 14 13:12:24 Rule "ACCEPT net fw tcp 50505 -" Compiled
  84. Dec 14 13:12:24 Compiling /etc/shorewall/conntrack...
  85. Dec 14 13:12:24 Conntrack rule "CT:helper:amanda:PO - - udp 10080" Compiled
  86. Dec 14 13:12:24 Conntrack rule "CT:helper:amanda:PO - - udp 10080" Compiled
  87. Dec 14 13:12:24 Conntrack rule "CT:helper:ftp:PO - - tcp 21" Compiled
  88. Dec 14 13:12:24 Conntrack rule "CT:helper:ftp:PO - - tcp 21" Compiled
  89. Dec 14 13:12:24 Conntrack rule "CT:helper:irc:PO - - tcp 6667" Compiled
  90. Dec 14 13:12:24 Conntrack rule "CT:helper:irc:PO - - tcp 6667" Compiled
  91. Dec 14 13:12:24 Conntrack rule "CT:helper:netbios-ns:PO - - udp 137" Compiled
  92. Dec 14 13:12:24 Conntrack rule "CT:helper:netbios-ns:PO - - udp 137" Compiled
  93. Dec 14 13:12:24 Conntrack rule "CT:helper:pptp:PO - - tcp 1723" Compiled
  94. Dec 14 13:12:24 Conntrack rule "CT:helper:pptp:PO - - tcp 1723" Compiled
  95. Dec 14 13:12:24 Conntrack rule "CT:helper:sane:PO - - tcp 6566" Compiled
  96. Dec 14 13:12:24 Conntrack rule "CT:helper:sane:PO - - tcp 6566" Compiled
  97. Dec 14 13:12:24 Conntrack rule "CT:helper:sip:PO - - udp 5060" Compiled
  98. Dec 14 13:12:24 Conntrack rule "CT:helper:sip:PO - - udp 5060" Compiled
  99. Dec 14 13:12:24 Conntrack rule "CT:helper:snmp:PO - - udp 161" Compiled
  100. Dec 14 13:12:24 Conntrack rule "CT:helper:snmp:PO - - udp 161" Compiled
  101. Dec 14 13:12:24 Conntrack rule "CT:helper:tftp:PO - - udp 69" Compiled
  102. Dec 14 13:12:24 Conntrack rule "CT:helper:tftp:PO - - udp 69" Compiled
  103. Dec 14 13:12:24 Compiling MAC Filtration -- Phase 2...
  104. Dec 14 13:12:24 Applying Policies...
  105. Dec 14 13:12:24 Policy DROP from net to fw using chain net2fw
  106. Dec 14 13:12:24 Policy ACCEPT from fw to net using chain fw2net
  107. Dec 14 13:12:24 Generating Rule Matrix...
  108. Dec 14 13:12:24 Handling complex zones...
  109. Dec 14 13:12:24 Entering main matrix-generation loop...
  110. Dec 14 13:12:24 Chain eth0_in deleted
  111. Dec 14 13:12:24 Finishing matrix...
  112. Dec 14 13:12:24 Chain eth0_fwd deleted
  113. Dec 14 13:12:24 Creating iptables-restore input...
  114. Dec 14 13:12:24 Shorewall configuration compiled to /var/lib/shorewall/.start
  115. Dec 14 13:12:24 Starting Shorewall....
  116. Dec 14 13:12:24 Initializing...
  117. Dec 14 13:12:25 Processing /etc/shorewall/init ...
  118. Dec 14 13:12:25 Processing /etc/shorewall/tcclear ...
  119. Dec 14 13:12:25 Setting up Route Filtering...
  120. Dec 14 13:12:25 Setting up Martian Logging...
  121. Dec 14 13:12:25 Setting up Proxy ARP...
  122. Dec 14 13:12:25 Disabling Kernel Automatic Helper Association
  123. Dec 14 13:12:25 Preparing iptables-restore input...
  124. Dec 14 13:12:25 Running /usr/sbin/iptables-restore...
  125. Dec 14 13:12:25 IPv4 Forwarding Enabled
  126. Dec 14 13:12:25 Processing /etc/shorewall/start ...
  127. Dec 14 13:12:25 Processing /etc/shorewall/started ...
  128. Dec 14 13:12:25 done.
  129. [root@wishmacer andrzejl]# systemctl status shorewall.service
  130. shorewall.service - Shorewall IPv4 firewall
  131. Loaded: loaded (/usr/lib/systemd/system/shorewall.service; enabled)
  132. Active: active (exited) since Fri, 2012-12-14 13:12:25 GMT; 43s ago
  133. Process: 2750 ExecStop=/usr/sbin/shorewall $OPTIONS stop (code=exited, status=0/SUCCESS)
  134. Process: 2817 ExecStart=/usr/sbin/shorewall $OPTIONS start (code=exited, status=0/SUCCESS)
  135. CGroup: name=systemd:/system/shorewall.service
  136.  
  137. Dec 14 13:12:25 wishmacer.loc shorewall[2817]: Setting up Route Filtering...
  138. Dec 14 13:12:25 wishmacer.loc shorewall[2817]: Setting up Martian Logging...
  139. Dec 14 13:12:25 wishmacer.loc shorewall[2817]: Setting up Proxy ARP...
  140. Dec 14 13:12:25 wishmacer.loc shorewall[2817]: Preparing iptables-restore input...
  141. Dec 14 13:12:25 wishmacer.loc shorewall[2817]: Running /usr/sbin/iptables-restore...
  142. Dec 14 13:12:25 wishmacer.loc shorewall[2817]: IPv4 Forwarding Enabled
  143. Dec 14 13:12:25 wishmacer.loc shorewall[2817]: Processing /etc/shorewall/start ...
  144. Dec 14 13:12:25 wishmacer.loc shorewall[2817]: Processing /etc/shorewall/started ...
  145. Dec 14 13:12:25 wishmacer.loc logger[3111]: Shorewall started
  146. Dec 14 13:12:25 wishmacer.loc shorewall[2817]: done.
  147. Dec 14 13:12:25 wishmacer.loc systemd[1]: Started Shorewall IPv4 firewall.
  148. [root@wishmacer andrzejl]#
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!