IPv6 – logging and shorewall6

Following on from my early success at get IPv6 running, I soon hit a significant issue: firewall logging.

 

Now this need not be a “blocker” for everyone, but I take my firewall logging duties quite seriously…!

shorewall IPv4 logging

Currently I have IPv4 shorewall configured to log not using the standard syslog mechanism, but instead to use ulogd. This allows me to easily log firewall activity to an entirely separate set of log files very easily. It is absolutely not mandatory, but it’s neat and tidy. I then have fwlogwatch to nightly analyse the logs and automatically email the interesting bits to me for occasional checking.

To enable this I have appropriate pointers to use of ULOG in shorewall’s policy and rules files as follows:

February 25th, 2010 | Tags: , , , , , , , | Category: FPage | 4 comments

IPv6 at home – a guide to getting started

With IPv6 slowly becoming more visible, it was time to get to grips with it. While absolutely not essential (yet!) it seemed like a fun idea: my ADSL provider offers native IPv6 in parallel with IPv4, and my hosting provider is running an IPv6 beta. So I can do native IPv6 end to end between my home and a remote host. “Home” in this case consists of a Linux firewall running iptables, fronted by shorewall. Two ethernet ports: one to the ADSL modem (my “external” interface) and one to the house infrastructure (“internal”)

The Ubuntu server distribution in use is, like most Linux distros, fully IPv6 ready. For example, do an ifconfig and we see

Link encap:Ethernet  HWaddr 00:40:63:f5:f9:3c
inet addr:88.XXX.XX.XXX  Bcast:88.XXX.XXX.255  Mask:255.255.255.0
inet6 addr: fe80::240:63ff:fef5:XXX/64 Scope:Link
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:14086899 errors:0 dropped:0 overruns:0 frame:0
TX packets:15607323 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1837525573 (1.8 GB)  TX bytes:666354591 (666.3 MB)
Interrupt:16 Base address:0×8000

Now I may not know much about IPv6 on Linux yet, but I can see that I’ve got a line beginning “inet addr” which looks kinda IPv6-ish. Good start. Let’s go…

Continue reading IPv6 at home – a guide to getting started

February 24th, 2010 | Tags: , , , , , , , , , | Category: FPage | 8 comments

Bless me father for I have punched

Several newspapers report today (e.g. here and here) that a British judge this week chose not to jail a violent criminal because he was religious.

The judge said “You are a religious man and you know this is not acceptable behaviour.”

The fact that the judge in question is Cherie Blair, wife of former-prime [...]

February 4th, 2010 | Tags: | Category: FPage | One comment

Leave them kids alone

Pope Benedict XVI is apparently set to visit Britain soon. However he has also decided to attack the laws giving gay couples similar rights to married (heterosexual) couples, as a variation on the church’s more general disgust with anyone who does not share their own twisted sexual views

Aware that this is unpopular (the laws have widespread support) he has chosen a rather devious and obfuscated line of attack.

He singles out for criticism the UK’s Equality Bill, currently passing through Parliament. He tells us the effect of some of the legislation designed to achieve this goal has been to impose unjust limitations on the freedom of religious communities to act in accordance with their beliefs. Unjust. That’s the key word there. And then goes on:

“In some respects it actually violates the natural law upon which the equality of all human beings is grounded and by which it is guaranteed.”

Of course the concept of Natural Law is wonderfully vague. One assumes he is referring to some or other Aquinas-style philosophy of everything is OK, so long as it is OK with God too. However that aside, what is he really objecting to? Well, that is made fairly clear by further Church-comment on the matter. Firstly we are told that:

Religious leaders have voiced concern that the Equality Bill may force churches to employ sexually active gay people and transsexuals when hiring staff other than priests or ministers.

Continue reading Leave them kids alone

February 2nd, 2010 | Tags: | Category: FPage | 2 comments