We are running Shorewall 2.2.0 on a Mandrake 9.2 firewall which has worked well for a few years. Recently, after a severe power outage followed by backup genset failure, we had some difficulty getting the interfaces to establish link with our ISP's fiber transceiver. After a few ifdowns/ifups and power cycling of the transceiver, things started working.
At this point, we were still on auxiliary power, and had only a few servers running.
Shortly afterward, the on-access virus scanner on an NT4 server detected a 
virus known to spread using a DCOM vulnerability (possibly one which can't be 
patched in NT4 without disabling DCOM.)
Anyway, to shorten an already too-long story... we now suspect that the firewall somehow managed to let traffic through to these servers, two of which happen to be on public IPs, but do not normally have any ports open to the internet. We came to this suspicion after isolating our core network by shutting down all ports leading out of the core on our Cisco Cat6000. There was no power on campus outside our building, but we wanted to keep things isolated should the power be restored. Because of multiple equipment problems during this incident, we were unable to verify, log, or trace the possibility of packets getting through the firewall that shouldn't have.
I realize that I should be upgrading to Shorewall 3.x asap, and plan to do so very soon. What I hoped to find out is this:

1. Is the suspicion we have about the firewall not filtering correctly after an ifdown/ifup a possibility?
2. What is the correct way to deal with this issue, i.e. having to manually take down and bring up an interface? What other measures should be taken?

Thanks, and sorry if I haven't provided appropriate details. Feel free to say 
RTFM, but I have searched docs and the FAQ and couldn't find the answers...

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Shawn Wright, I.T. Manager
Shawnigan Lake School
http://www.sls.bc.ca
[EMAIL PROTECTED]
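The post's worry is that the ruleset was no longer in effect after the interfaces were bounced, and that nothing verified this at the time. The following added example (not part of the original post and not Shorewall's own code) is a small POSIX sh check a practitioner could run right after an ifdown/ifup: it reads an iptables-save style snapshot, confirms that the filter table's INPUT and FORWARD chains still carry a DROP policy, and confirms that at least one rule still references the interface that was bounced. The two rulesets embedded below are constructed samples (one loaded, one flushed to open ACCEPT policies); the interface names and addresses are assumptions.

```shell
#!/bin/sh
# Added example: sanity-check a ruleset snapshot (iptables-save format) after
# an ifdown/ifup, to catch the "firewall has fallen open" state the post
# suspects. This is not Shorewall code; the sample rulesets are constructed.

# check_ruleset RULESET IFACE
# Returns 0 if the filter table has DROP policies on INPUT and FORWARD and at
# least one rule names IFACE; otherwise prints what is wrong and returns 1.
check_ruleset() {
  ruleset=$1
  iface=$2
  rc=0
  for chain in INPUT FORWARD; do
    # Only look inside the *filter table: the nat/mangle tables carry their
    # own ACCEPT policies for chains of the same name.
    policy=$(printf '%s\n' "$ruleset" | awk -v c="$chain" '
      /^\*/ { table = substr($0, 2) }
      table == "filter" && $1 == ":" c { print $2 }')
    if [ "$policy" != "DROP" ]; then
      echo "WARNING: filter/$chain policy is '${policy:-missing}', expected DROP"
      rc=1
    fi
  done
  # A loaded ruleset should mention the bounced interface in at least one
  # match (-i or -o); an empty or flushed table will not.
  if ! printf '%s\n' "$ruleset" | grep -q -- "-[io] $iface "; then
    echo "WARNING: no rule references interface $iface"
    rc=1
  fi
  return $rc
}

# Constructed sample: what a healthy filter table looks like with eth0 as the
# external interface and eth1 facing an internal mail server (192.0.2.10 is a
# documentation address, used here as an assumption).
LOADED='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -p tcp -d 192.0.2.10 --dport 25 -j ACCEPT
COMMIT'

# Constructed sample: a flushed table with default ACCEPT policies, i.e. the
# host is effectively unfiltered.
FLUSHED='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# Demonstration on the samples (prints warnings for the flushed ruleset).
echo "== loaded ruleset, eth0 =="
check_ruleset "$LOADED" eth0 && echo "ok: filtering in place"
echo "== flushed ruleset, eth0 =="
check_ruleset "$FLUSHED" eth0 || echo "firewall appears to be open"

# Live use on a real host (assumes iptables-save is on PATH and you are root):
#   ifdown eth0 && ifup eth0 && check_ruleset "$(iptables-save)" eth0
```

On a real box the live form at the bottom is what you would run after each manual ifdown/ifup; a non-zero exit is the cue to reload the firewall before trusting the link. The check is deliberately conservative (it only proves that some policy and some interface rule survived), so a clean result is a necessary condition, not proof that every rule is intact.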