Bug#269316: [Logcheck-devel] Bug#269316: shorewall rules

Todd Troxell ttroxell at debian.org
Sat Sep 4 20:09:10 UTC 2004


tags 269316 wontfix
thanks
On Wed, Sep 01, 2004 at 05:48:44PM +0300, Jari Aalto wrote:
>     >     # shorewall stop
>     >     # bind restart  
>     >     # shorewall start
>     > 
>     > is pretty usual situation for me. In addition, I do tweak shorewall rules
>     > very often, because I have requested new rules to it that are included
>     > in next upgrades. I also add or remove services, so shorewall needs
>     > restarts at least for following months. I think those start|stop
>     > messages could be ignored by logcheck.
> 
>      For you personally they may be good rules, but I have my doubts that
>      these are good rules to ship with logcheck itself.
> 
>      Perhaps if you could add them to your local rules this would be
>      sufficient to stop you from being bothered by these logs, and would
>      still allow other users of logcheck to see if their firewalls had
>      stopped or started unexpectedly?
> 
> I could, but the reason I was suggesting them is that I don't know any way
> that shorewall would itself go on or off. It configures iptables and is not
> a running process. Those messages are user created and not from any process
> that would manipulate it.

Right, but a user could break into your machine and modify your firewall
rules.  This seems like something you'd want to know about. <:

Also, you might want to look into 'reloading' bind rather than restarting it.
(or possibly configuring your firewall properly for talking to rndc, as I'm
guessing that's what is holding up the restart.)

So, I'm thinking that we are not going to ship rules for this.  If anyone
thinks this is bad, let me know.

Cheers,

-- 
[   Todd J. Troxell                                         ,''`.
      Student, Debian GNU/Linux Developer, SysAdmin, Geek  : :' :
      http://debian.org || http://rapidpacket.com/~xtat    `. `' 
                                                             `-     ]
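The trade-off discussed in this thread, as an added illustration that is not part of the bug report, the maintainer's reply, or the logcheck package: logcheck suppresses any log line that matches one of its ignore regexes, so a local rule that silences "Shorewall Started/Stopped" also silences a stop that nobody scheduled. The log lines below are constructed for the example (the exact syslog wording shorewall uses is assumed, not taken from the page), and the regexes are written in Python `re` syntax rather than the egrep syntax real logcheck rule files use; the `^\w{3} [ :0-9]{11} host ` prefix mirrors the conventional logcheck timestamp/hostname prefix.

```python
import re

# Constructed sample syslog lines (message wording assumed, not real shorewall output).
# The first four lines are a deliberate "shorewall stop / bind restart / shorewall start"
# sequence; the last one is a firewall stop with no matching start, i.e. the
# event an admin would want to see.
SAMPLE_LOG = """\
Sep  4 20:01:02 gw shorewall[1201]: Shorewall Stopped
Sep  4 20:01:05 gw named[1210]: shutting down
Sep  4 20:01:06 gw named[1455]: starting BIND 9.2.4
Sep  4 20:01:09 gw shorewall[1460]: Shorewall Started
Sep  4 23:41:17 gw shorewall[9981]: Shorewall Stopped
""".splitlines()

# Timestamp and hostname prefix as logcheck rules conventionally match it
# (Python syntax; logcheck itself uses egrep character classes).
PREFIX = r"^\w{3} [ :0-9]{11} [A-Za-z0-9._-]+ "

# Rules that would plausibly ship with a package: routine named messages.
SHIPPED_RULES = [
    PREFIX + r"named\[[0-9]+\]: (shutting down|starting BIND .*)$",
]

# The local rule the thread discusses: hide shorewall start/stop entirely.
LOCAL_SHOREWALL_RULES = [
    PREFIX + r"shorewall\[[0-9]+\]: Shorewall (Started|Stopped)$",
]


def filter_log(lines, rules):
    """Return the lines logcheck would still report: those matching no ignore rule."""
    compiled = [re.compile(r) for r in rules]
    return [ln for ln in lines if not any(c.search(ln) for c in compiled)]


def suppressed_by(lines, rules):
    """Map each rule to the lines it hides, so a local rule can be audited
    before it is installed: anything listed here will never reach the report."""
    result = {}
    for rule in rules:
        pattern = re.compile(rule)
        result[rule] = [ln for ln in lines if pattern.search(ln)]
    return result


def unexpected_stops(lines):
    """Lines reporting a firewall stop that is not followed by a start.
    This is the signal an unconditional ignore rule would erase."""
    stops = []
    pending = None
    for ln in lines:
        if ln.endswith("Shorewall Stopped"):
            if pending is not None:
                stops.append(pending)
            pending = ln
        elif ln.endswith("Shorewall Started"):
            pending = None
    if pending is not None:
        stops.append(pending)
    return stops


if __name__ == "__main__":
    print("Reported with shipped rules only:")
    for ln in filter_log(SAMPLE_LOG, SHIPPED_RULES):
        print("  ", ln)
    print("Reported with the local shorewall rule added:")
    for ln in filter_log(SAMPLE_LOG, SHIPPED_RULES + LOCAL_SHOREWALL_RULES):
        print("  ", ln)
    print("Stops without a matching start (hidden by the local rule):")
    for ln in unexpected_stops(SAMPLE_LOG):
        print("  ", ln)
```

With only the shipped rules the three shorewall lines reach the report, including the lone 23:41 stop; once the local rule is added nothing does. Running `suppressed_by` on a candidate rule against a day of real logs is a cheap way to see exactly what a new ignore rule would hide before committing it to a local rules file.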