# Configure Shorewall to Allow Syslog Messages from Router

## dman777

I have my system set up to where the router will send its syslog messages to my Linux PC system. I am using shorewall as my firewall. I have two questions:

How can I configure shorewall to allow the messages from my router?

If I use my router IP address to allow the messages to come through the firewall, will this be a great security risk as anything from the internet can come through on that router IP address?

----------

## Bones McCracker

Your router has an external IP address (the WAN address - it will look different than your PC's address) and an internal IP address (the LAN address -- one that is in the same network block as your PC's IP address).  You want to configure the firewall that is running on your PC to allow traffic coming from the router's internal IP address.

Also, it would be best to restrict that further to only the protocol and port that the router is using to send this traffic (syslog traffic is usually sent using the UDP protocol and port 514).

To allow that, you need to create an entry in your shorewall.rules file.  You don't need to worry about port and protocol (unless your router is using something different from the standard UDP port 514), because shorewall provides a "macro" for Syslog.  You may have your zones named differently, but it would look something like this:

For this example "loc" is the local LAN and $FW is the firewall machine (in your case, your PC).

This would allow all inbound Syslog traffic from any machine on the LAN:

```
Syslog(ACCEPT)             loc             $FW
```

You could further restrict that.  This will allow inbound Syslog traffic only from the machine with address 192.168.0.1:

```
Syslog(ACCEPT)             loc:192.168.0.1             $FW
```

As a slightly more secure alternative in some situations, if you can determine the MAC address of the router's internal interface, you can use that instead of the IP address:

```
Syslog(ACCEPT)             loc:~00-34-78-2h-47-ks           $FW
```

The IP address 192.168.0.1 and the MAC address 00:34:78:2h:47:ks given above are just examples, and you would need to replace them with the appropriate addresses.  Also, the zones "loc" and "$FW" may not be the same as your setup (but you should have those figured out by now).

----------
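As an added example that is not part of the thread and is not Shorewall's own code, the small Python model below shows how the rule lines in the answer are interpreted. It parses the `Syslog(ACCEPT)` macro form and the plain `ACCEPT ... udp 514` form (the one to use when the router logs to a non-standard port), validates the `zone:IP` and `zone:~MAC` source syntax, and evaluates constructed packets against the rules. The evaluation illustrates the second question: a rule written as `loc:192.168.0.1` only matches traffic that Shorewall assigns to the `loc` zone, and zone membership comes from the interface the packet arrived on, so a packet from the `net` zone does not match even if it carries a LAN source address. The MAC regex, the `DEFAULT_POLICY` of DROP, the rule lines and the sample packets are assumptions for the model; Shorewall's real parser and policy file are richer than this.

```python
"""Toy model of the Shorewall rule lines from the answer above.

Constructed example: this is NOT Shorewall's parser. It understands only
    ACTION   SOURCE   DEST   [PROTO]   [DPORT]
with the Syslog macro, and the source forms  zone, zone:IP, zone:~MAC.
"""
import ipaddress
import re

# Shorewall writes MAC addresses with '-' separators after a leading '~'.
MAC_RE = re.compile(r"^~([0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2}$")
# Macros the model knows; Syslog expands to UDP destination port 514.
MACROS = {"Syslog": ("udp", 514)}
# Assumed policy for traffic no rule accepts (set in Shorewall's policy file).
DEFAULT_POLICY = "DROP"


def parse_rule(line):
    """Parse one rule line into a dict; raise ValueError on bad syntax."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError(f"rule needs ACTION SOURCE DEST: {line!r}")
    action_field, source, dest = fields[:3]
    macro = re.match(r"^(\w+)\((\w+)\)$", action_field)
    if macro:
        name, action = macro.groups()
        if name not in MACROS:
            raise ValueError(f"unknown macro {name!r}")
        proto, port = MACROS[name]
    else:
        action = action_field
        proto = fields[3].lower() if len(fields) > 3 else None
        port = int(fields[4]) if len(fields) > 4 else None
    zone, _, host = source.partition(":")
    if host.startswith("~"):
        # A placeholder with non-hex characters (e.g. "2h") is rejected here.
        if not MAC_RE.match(host):
            raise ValueError(f"bad MAC in {source!r}: need ~xx-xx-xx-xx-xx-xx hex")
    elif host:
        ipaddress.ip_network(host, strict=False)   # raises ValueError on garbage
    return {"action": action, "zone": zone, "host": host or None,
            "dest": dest, "proto": proto, "port": port}


def is_valid_rule(line):
    """True if the line parses under this model."""
    try:
        parse_rule(line)
        return True
    except ValueError:
        return False


def matches(rule, pkt):
    """pkt: dict with zone, src, proto, dport and optional mac."""
    if rule["zone"] != pkt["zone"]:          # zone comes from the arrival interface
        return False
    host = rule["host"]
    if host and host.startswith("~"):
        mac = (pkt.get("mac") or "").lower().replace(":", "-")
        if mac != host[1:].lower():
            return False
    elif host:
        if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(host, strict=False):
            return False
    if rule["proto"] and rule["proto"] != pkt["proto"]:
        return False
    if rule["port"] and rule["port"] != pkt["dport"]:
        return False
    return True


# Constructed rules: the macro form from the answer, plus the explicit form
# you would write if the router logged to a non-standard UDP port (5514 here).
RULES = [parse_rule(l) for l in [
    "Syslog(ACCEPT)   loc:192.168.0.1   $FW",
    "ACCEPT           loc:192.168.0.1   $FW   udp   5514",
]]


def decide(zone, src, dport, proto="udp", mac=None):
    """Return the action of the first matching rule, else the assumed policy."""
    pkt = {"zone": zone, "src": src, "proto": proto, "dport": dport, "mac": mac}
    for rule in RULES:
        if matches(rule, pkt):
            return rule["action"]
    return DEFAULT_POLICY


if __name__ == "__main__":
    print(decide("loc", "192.168.0.1", 514))    # ACCEPT: the router, LAN side
    print(decide("loc", "192.168.0.77", 514))   # DROP: some other LAN host
    print(decide("net", "192.168.0.1", 514))    # DROP: wrong zone, despite the LAN source IP
```

The `decide` calls at the bottom are the point of the model: only the router's own LAN address, arriving on the LAN interface, reaches the syslog port, so listing the router's internal IP in the rule does not open that port to the internet side.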

