Frances Flood wrote:
> Basically, if the machine behind Shorewall sends out a [SYN] message but
> Shorewall then receives a [SYN] from the target rather than a [SYN,
> ACK], would you expect Shorewall to block the [SYN] message or allow it
> through?

First of all, you should understand that Shorewall isn't something that runs in your system and filters packets. Shorewall is a set of shell scripts that configures netfilter -- the IP packet filtering/mangling facility in the kernel. So Shorewall itself is not involved in interpreting TCP session startup.

> Is it possible for Shorewall to block messages without logging it in any
> way, assuming maximum logging is switched on?

There are a number of ways in which packets can be dropped silently. The most likely cause in this case is that Netfilter connection tracking is dropping them as invalid. You can see if that is happening by

    echo 255 >/proc/sys/net/ipv4/netfilter/ip_conntrack_log_invalid
    modprobe ipt_LOG

If you see packets being logged (they are logged on any console), then you can try manipulating /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_loose and ip_conntrack_tcp_be_liberal. I've taken a quick look and didn't find the documentation for those, so you'll have to do the Google search.

The Shorewall-generated netfilter ruleset can also silently drop packets through its 'Default Actions' (see http://www.shorewall.net/Actions.html#Default). The method for disabling default actions depends on your Shorewall version -- you must use /etc/shorewall/actions if you are running Shorewall version 3.2 or earlier and you use the *_DEFAULT settings in shorewall.conf if you are running Shorewall 3.2.

HTH,
-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,         \ http://shorewall.net
Washington USA     \ [EMAIL PROTECTED]
PGP Public Key     \ https://lists.shorewall.net/teastep.pgp.key
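A read-only diagnostic for the conntrack knobs Tom names, added here as an example; it is not part of his reply or of the Shorewall project. It reads the legacy /proc/sys/net/ipv4/netfilter/ip_conntrack_* paths from the mail and, as an assumption about later kernels, the nf_conntrack_* equivalents under /proc/sys/net/netfilter, and translates the values into plain words (0 disables invalid-packet logging, otherwise the value is an IP protocol number, with 255 meaning every protocol). It never writes to /proc; the `echo 255 > ...` and `modprobe ipt_LOG` steps from the mail are shown only as a comment, since they need root.

```shell
#!/bin/sh
# Added example, not from the original mail or from Shorewall.
# Reports the conntrack sysctls that decide whether packets the state
# machine considers INVALID are logged or dropped silently.
#
# To actually turn logging on (root required), the mail's recipe is:
#   echo 255 >/proc/sys/net/ipv4/netfilter/ip_conntrack_log_invalid
#   modprobe ipt_LOG

# Translate an ip_conntrack_log_invalid value into words.
# 0 disables logging; any other value is an IP protocol number
# (1 = ICMP, 6 = TCP, 17 = UDP), and 255 selects every protocol.
describe_log_invalid() {
    case "$1" in
        0)   echo "disabled: invalid packets are dropped silently" ;;
        1)   echo "logging invalid ICMP only" ;;
        6)   echo "logging invalid TCP only" ;;
        17)  echo "logging invalid UDP only" ;;
        255) echo "logging invalid packets of every protocol" ;;
        *)   echo "logging invalid packets of IP protocol $1" ;;
    esac
}

# Translate a 0/1 knob (tcp_loose, tcp_be_liberal) into words.
# $1 is the knob name, $2 its value.
describe_bool() {
    case "$2" in
        0) echo "$1=0 (strict)" ;;
        1) echo "$1=1 (relaxed)" ;;
        *) echo "$1=$2 (unexpected value)" ;;
    esac
}

# Print the first readable path among the arguments; fail if none exists.
first_existing() {
    for p in "$@"; do
        [ -r "$p" ] && { echo "$p"; return 0; }
    done
    return 1
}

# Read a conntrack knob by short name ("log_invalid", "tcp_loose", ...).
# Tries the legacy ip_conntrack location from the mail first, then the
# nf_conntrack location used by later kernels (assumed). Prints "n/a"
# when neither path is readable, and always returns 0.
read_knob() {
    path=$(first_existing \
        "/proc/sys/net/ipv4/netfilter/ip_conntrack_$1" \
        "/proc/sys/net/netfilter/nf_conntrack_$1") || { echo "n/a"; return 0; }
    cat "$path"
}

# Human-readable summary of the three knobs plus the LOG target module.
report() {
    v=$(read_knob log_invalid)
    if [ "$v" = "n/a" ]; then
        echo "log_invalid: knob not present (conntrack not loaded, or no permission)"
    else
        echo "log_invalid: $(describe_log_invalid "$v")"
    fi
    for k in tcp_loose tcp_be_liberal; do
        v=$(read_knob "$k")
        [ "$v" = "n/a" ] && echo "$k: n/a" || describe_bool "$k" "$v"
    done
    # Invalid packets are only written to the console if a LOG target
    # module is available (ipt_LOG in the mail; xt_LOG/nf_log_ipv4 later).
    if [ -r /proc/modules ] && grep -Eq '^(ipt_LOG|xt_LOG|nf_log_ipv4) ' /proc/modules; then
        echo "LOG target module: loaded"
    else
        echo "LOG target module: not listed in /proc/modules (modprobe ipt_LOG, or it may be built in)"
    fi
}

report
```

Run it as root on the firewall box to see the live values; unprivileged, or on a host without conntrack loaded, every knob simply reports n/a. If log_invalid reads as disabled and the console shows nothing while packets vanish, that combination is exactly the silent drop Tom describes.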
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
