Bug#1016451: shorewall takes more than 300 seconds to start if /etc/shorewall/blrules contains a lot of lines


pseudo

Jul 31, 2022, 4:00:03 PM
Package: shorewall
Version: 5.2.3.4-1
Severity: minor
Tags: upstream

Dear Debian Maintainer,


* What led up to the situation?
I installed shorewall, everything worked fine.
Since I filled /etc/shorewall/blrules with ~4000 lines, shorewall takes a huge amount of time to start.
* What exactly did you do (or not do) that was effective (or ineffective)?
* What was the outcome of this action?
* What outcome did you expect instead?
Packet Filter takes 0.3 sec to start with the same blacklist.
* What are the relevant logs?
Here is /var/log/shorewall-init.log
[...]
Jul 31 21:04:43 Conntrack rule "CT:helper:pptp:PO - - tcp 1723" Compiled
Jul 31 21:04:43 Conntrack rule "CT:helper:sane:PO - - tcp 6566" Compiled
Jul 31 21:04:43 Conntrack rule "CT:helper:sane:PO - - tcp 6566" Compiled
Jul 31 21:04:43 Conntrack rule "CT:helper:sip:PO - - udp 5060" Compiled
Jul 31 21:04:43 Conntrack rule "CT:helper:sip:PO - - udp 5060" Compiled
Jul 31 21:04:43 Conntrack rule "CT:helper:snmp:PO - - udp 161" Compiled
Jul 31 21:04:43 Conntrack rule "CT:helper:snmp:PO - - udp 161" Compiled
Jul 31 21:04:43 Conntrack rule "CT:helper:tftp:PO - - udp 69" Compiled
Jul 31 21:04:43 Conntrack rule "CT:helper:tftp:PO - - udp 69" Compiled
Jul 31 21:04:43 Compiling MAC Filtration -- Phase 2...
Jul 31 21:04:43 Applying Policies...
Jul 31 21:04:43 Policy ACCEPT from fw to net using chain fw-net
Jul 31 21:04:43 ..Expanding inline action /usr/share/shorewall/action.Broadcast...
Jul 31 21:04:43 Rule " DROP - - - ;; -m addrtype --dst-type BROADCAST" Compiled
Jul 31 21:04:43 Rule " DROP - - - ;; -m addrtype --dst-type ANYCAST" Compiled
Jul 31 21:04:43 ..End inline action /usr/share/shorewall/action.Broadcast
Jul 31 21:04:43 ..Expanding inline action /usr/share/shorewall/action.Multicast...
Jul 31 21:04:43 Rule " DROP - - - ;; -m addrtype --dst-type MULTICAST" Compiled
Jul 31 21:04:43 ..End inline action /usr/share/shorewall/action.Multicast
Jul 31 21:04:43 Policy DROP from net to fw using chain net-fw
Jul 31 21:04:43 Policy ACCEPT from net to net using chain net-net
Jul 31 21:04:43 Generating Rule Matrix...
Jul 31 21:04:43 Handling complex zones...
Jul 31 21:04:43 Entering main matrix-generation loop...
Jul 31 21:04:43 Finishing matrix...
Jul 31 21:04:43 ..Expanding inline action /usr/share/shorewall/action.Broadcast...
Jul 31 21:04:43 Rule " DROP - - - ;; -m addrtype --dst-type BROADCAST" Compiled
Jul 31 21:04:43 Rule " DROP - - - ;; -m addrtype --dst-type ANYCAST" Compiled
Jul 31 21:04:43 ..End inline action /usr/share/shorewall/action.Broadcast
Jul 31 21:04:43 ..Expanding inline action /usr/share/shorewall/action.Multicast...
Jul 31 21:04:43 Rule " DROP - - - ;; -m addrtype --dst-type MULTICAST" Compiled
Jul 31 21:04:43 ..End inline action /usr/share/shorewall/action.Multicast
Jul 31 21:04:43 ..Expanding inline action /usr/share/shorewall/action.Broadcast...
Jul 31 21:04:43 Rule " DROP - - - ;; -m addrtype --dst-type BROADCAST" Compiled
Jul 31 21:04:43 Rule " DROP - - - ;; -m addrtype --dst-type ANYCAST" Compiled
Jul 31 21:04:43 ..End inline action /usr/share/shorewall/action.Broadcast
Jul 31 21:04:43 ..Expanding inline action /usr/share/shorewall/action.Multicast...
Jul 31 21:04:43 Rule " DROP - - - ;; -m addrtype --dst-type MULTICAST" Compiled
Jul 31 21:04:43 ..End inline action /usr/share/shorewall/action.Multicast
Jul 31 21:04:43 ..Expanding inline action /usr/share/shorewall/action.Broadcast...
Jul 31 21:04:43 Rule " DROP - - - ;; -m addrtype --dst-type BROADCAST" Compiled
Jul 31 21:04:43 Rule " DROP - - - ;; -m addrtype --dst-type ANYCAST" Compiled
Jul 31 21:04:43 ..End inline action /usr/share/shorewall/action.Broadcast
Jul 31 21:04:43 ..Expanding inline action /usr/share/shorewall/action.Multicast...
Jul 31 21:04:43 Rule " DROP - - - ;; -m addrtype --dst-type MULTICAST" Compiled
Jul 31 21:04:43 ..End inline action /usr/share/shorewall/action.Multicast
Jul 31 21:04:43 Chain NET_IF_iop deleted
Jul 31 21:04:43 Chain A_DROP deleted
Jul 31 21:04:43 Chain NET_IF_oop deleted
Jul 31 21:04:43 Chain NET_IF_fop deleted
Jul 31 21:04:43 Chain net-net deleted
Jul 31 21:04:43 Optimizing Ruleset...
Jul 31 21:04:43
Table raw pass 1, 2 referenced chains, level 4a...
Jul 31 21:04:43
Table raw pass 2, 2 referenced chains, level 4b...
Jul 31 21:04:43
Table raw pass 2, 2 referenced user chains, level 16...
Jul 31 21:04:43
Table raw pass , 0 referenced user chains, level 8...
Jul 31 21:04:43 Table raw Optimized -- Passes = 1
Jul 31 21:04:43
Jul 31 21:04:43
Table nat pass 1, 4 referenced chains, level 4a...
Jul 31 21:04:43
Table nat pass 2, 4 referenced chains, level 4b...
Jul 31 21:04:43
Table nat pass 2, 4 referenced user chains, level 16...
Jul 31 21:04:43
Table nat pass , 0 referenced user chains, level 8...
Jul 31 21:04:43 Table nat Optimized -- Passes = 1
Jul 31 21:04:43
Jul 31 21:04:43
Table mangle pass 1, 10 referenced chains, level 4a...
Jul 31 21:04:43 Chain tcin deleted
Jul 31 21:04:43 Chain tcout deleted
Jul 31 21:04:43 Chain tcpost deleted
Jul 31 21:04:43 Chain tcpre deleted
Jul 31 21:04:43 Empty chain tcfor deleted
Jul 31 21:04:43
Table mangle pass 2, 5 referenced chains, level 4a...
Jul 31 21:04:43
Table mangle pass 3, 5 referenced chains, level 4b...
Jul 31 21:04:43
Table mangle pass 3, 5 referenced user chains, level 16...
Jul 31 21:04:43
Table mangle pass , 0 referenced user chains, level 8...
Jul 31 21:04:43 Table mangle Optimized -- Passes = 1
Jul 31 21:04:43
Jul 31 21:04:43
Table filter pass 1, 14 referenced chains, level 4a...
Jul 31 21:04:43 3 ACCEPT rules deleted from chain fw-net
Jul 31 21:04:43 3 DROP rules deleted from chain net-fw
Jul 31 21:04:43
Table filter pass 2, 14 referenced chains, level 4a...
Jul 31 21:04:43 1 references to chain fw-net replaced
Jul 31 21:04:43 Chain fw-net deleted
Jul 31 21:04:43
Table filter pass 3, 13 referenced chains, level 4a...
Jul 31 21:04:43
Table filter pass 4, 13 referenced chains, level 4b...
Jul 31 21:04:43
Table filter pass 5, 2 short chains, level 4c...
Jul 31 21:04:43
Table filter pass 5, 13 referenced user chains, level 16...
Jul 31 21:11:44
Table filter pass , 10 referenced user chains, level 8...
Jul 31 21:11:44 Table filter Optimized -- Passes = 1
Jul 31 21:11:44
Jul 31 21:11:44 Creating iptables-restore input...
Jul 31 21:11:45 Shorewall configuration compiled to /var/lib/shorewall/.start
Jul 31 21:11:45 Starting Shorewall....
Jul 31 21:11:45 Initializing...
Jul 31 21:11:45 Setting up Route Filtering...
Jul 31 21:11:45 Setting up Martian Logging...
Jul 31 21:11:45 Setting up Accept Source Routing...
Jul 31 21:11:45 Disabling Kernel Automatic Helper Association
Jul 31 21:11:45 Preparing iptables-restore input...
Jul 31 21:11:45 Running /sbin/iptables-restore --wait 60...
Jul 31 21:11:45 done.



-- System Information:
Debian Release: 11.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-16-amd64 (SMP w/4 CPU threads)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages shorewall depends on:
ii bc 1.07.1-2+b2
ii debconf [debconf-2.0] 1.5.77
ii iproute2 5.10.0-4
ii iptables 1.8.7-1
ii lsb-base 11.1.0
ii perl 5.32.1-4+deb11u2
ii shorewall-core 5.2.3.4-1

Versions of packages shorewall recommends:
ii libnetfilter-cthelper0 1.0.0-3

Versions of packages shorewall suggests:
ii make 4.3-4.1
ii shorewall-doc 5.2.3-1.1

-- Configuration Files:
/etc/shorewall/params changed:

/etc/shorewall/shorewall.conf changed:
STARTUP_ENABLED=Yes
VERBOSITY=1
PAGER=
FIREWALL=
LOG_LEVEL="debug"
BLACKLIST_LOG_LEVEL=
INVALID_LOG_LEVEL=
LOG_BACKEND=
LOG_MARTIANS=Yes
LOG_VERBOSITY=2
LOG_ZONE=Both
LOGALLNEW=
LOGFILE=/var/log/messages
LOGFORMAT="%s %s "
LOGTAGONLY=No
LOGLIMIT="s:1/sec:10"
MACLIST_LOG_LEVEL="$LOG_LEVEL"
RELATED_LOG_LEVEL=
RPFILTER_LOG_LEVEL="$LOG_LEVEL"
SFILTER_LOG_LEVEL="$LOG_LEVEL"
SMURF_LOG_LEVEL="$LOG_LEVEL"
STARTUP_LOG=/var/log/shorewall-init.log
TCP_FLAGS_LOG_LEVEL="$LOG_LEVEL"
UNTRACKED_LOG_LEVEL=
ARPTABLES=
CONFIG_PATH=":${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
GEOIPDIR=/usr/share/xt_geoip/LE
IPTABLES=
IP=
IPSET=
LOCKFILE=
MODULESDIR=
NFACCT=
PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin"
PERL=/usr/bin/perl
RESTOREFILE=restore
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=""
TC=
ACCEPT_DEFAULT="none"
BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)"
NFQUEUE_DEFAULT="none"
QUEUE_DEFAULT="none"
REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)"
RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
RSH_COMMAND='ssh ${root}@${system} ${command}'
ACCOUNTING=Yes
ACCOUNTING_TABLE=filter
ADD_IP_ALIASES=No
ADD_SNAT_ALIASES=No
ADMINISABSENTMINDED=Yes
AUTOCOMMENT=Yes
AUTOHELPERS=Yes
AUTOMAKE=Yes
BALANCE_PROVIDERS=No
BASIC_FILTERS=No
BLACKLIST="NEW,INVALID,UNTRACKED"
CLAMPMSS=No
CLEAR_TC=Yes
COMPLETE=No
DEFER_DNS_RESOLUTION=Yes
DELETE_THEN_ADD=Yes
DETECT_DNAT_IPADDRS=No
DISABLE_IPV6=Yes
DOCKER=No
DONT_LOAD=
DYNAMIC_BLACKLIST=Yes
EXPAND_POLICIES=Yes
EXPORTMODULES=Yes
FASTACCEPT=No
FORWARD_CLEAR_MARK=
HELPERS=
IGNOREUNKNOWNVARIABLES=No
IMPLICIT_CONTINUE=No
IPSET_WARNINGS=Yes
IP_FORWARDING=Keep
KEEP_RT_TABLES=No
MACLIST_TABLE=filter
MACLIST_TTL=
MANGLE_ENABLED=Yes
MARK_IN_FORWARD_CHAIN=No
MINIUPNPD=No
MULTICAST=No
MUTEX_TIMEOUT=60
NULL_ROUTE_RFC1918=No
OPTIMIZE=All
OPTIMIZE_ACCOUNTING=No
PERL_HASH_SEED=0
REJECT_ACTION=
RENAME_COMBINED=Yes
REQUIRE_INTERFACE=No
RESTART=restart
RESTORE_DEFAULT_ROUTE=Yes
RESTORE_ROUTEMARKS=Yes
RETAIN_ALIASES=No
ROUTE_FILTER=Yes
SAVE_ARPTABLES=No
SAVE_IPSETS=No
TC_ENABLED=Internal
TC_EXPERT=No
TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2"
TRACK_PROVIDERS=Yes
TRACK_RULES=No
USE_DEFAULT_RT=Yes
USE_NFLOG_SIZE=No
USE_PHYSICAL_NAMES=No
USE_RT_NAMES=No
VERBOSE_MESSAGES=Yes
WARNOLDCAPVERSION=Yes
WORKAROUNDS=No
ZERO_MARKS=No
ZONE2ZONE=-
BLACKLIST_DISPOSITION=DROP
INVALID_DISPOSITION=CONTINUE
MACLIST_DISPOSITION=REJECT
RELATED_DISPOSITION=ACCEPT
RPFILTER_DISPOSITION=DROP
SMURF_DISPOSITION=DROP
SFILTER_DISPOSITION=DROP
TCP_FLAGS_DISPOSITION=DROP
UNTRACKED_DISPOSITION=CONTINUE
TC_BITS=
PROVIDER_BITS=
PROVIDER_OFFSET=
MASK_BITS=
ZONE_BITS=0


-- debconf information:
shorewall/invalid_config:
shorewall/dont_restart:
shorewall/major_release:
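Added here as an example (not part of the bug report): a Python parser for the shorewall-init.log format shown above, which joins Shorewall's bare timestamp lines with the message on the following line and reports the step after which the longest pause occurs. The embedded excerpt is constructed from the report's own timestamps and the year 2022 is an assumption; on it the pause sits after the level 16 pass of the filter table (21:04:43 to 21:11:44), i.e. in the ruleset optimizer, not in iptables-restore.

```python
import re
from datetime import datetime

# Constructed excerpt of the report's shorewall-init.log (timestamps as logged, list shortened).
SAMPLE_LOG = """\
Jul 31 21:04:43 Optimizing Ruleset...
Jul 31 21:04:43
Table filter pass 1, 14 referenced chains, level 4a...
Jul 31 21:04:43
Table filter pass 5, 13 referenced user chains, level 16...
Jul 31 21:11:44
Table filter pass , 10 referenced user chains, level 8...
Jul 31 21:11:44 Table filter Optimized -- Passes = 1
Jul 31 21:11:45 Running /sbin/iptables-restore --wait 60...
"""

# Syslog-style stamp, optionally followed by the message on the same line.
STAMP = re.compile(r"^([A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2})(?: (.*))?$")


def _stamp(text, year):
    # The log carries no year; the caller supplies it (2022 assumed for this report).
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")


def parse_entries(text, year=2022):
    """Return [(datetime, message)]. Shorewall writes some progress messages
    as a bare timestamp line with the text on the following line, so a stamp
    without text adopts the next line."""
    entries, pending = [], None
    for line in text.splitlines():
        m = STAMP.match(line)
        if m and m.group(2):
            entries.append((_stamp(m.group(1), year), m.group(2)))
            pending = None
        elif m:
            pending = _stamp(m.group(1), year)
        elif pending is not None:
            entries.append((pending, line.strip()))
            pending = None
    return entries


def slowest_step(entries):
    """Return (seconds, message) for the step followed by the longest pause."""
    worst = (0.0, None)
    for (t0, msg), (t1, _) in zip(entries, entries[1:]):
        gap = (t1 - t0).total_seconds()
        if gap > worst[0]:
            worst = (gap, msg)
    return worst
```

OPTIMIZE=All in the reporter's shorewall.conf enables level 16, so that setting is the first thing to check when a large blrules file makes startup slow.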