"Dale E. Martin" <[email protected]> wrote:
>On 3/13/2011 12:46 PM, Tom Eastep wrote: >> >> From Shorewall FAQ 17: >> >> logflags >> >> The packet is being logged because it failed the checks >> implemented by the tcpflags interface option. >> >> So if you want to allow those bogus packets, turn off 'tcpflags' on >eth0. >> >Any idea if this is "normal" for Skype? I'm surprised to not find more >info about it on google. > >I hate to turn this off for the whole interface - it looks like I can't >do it just for the affected IPs on that interface? > Tcpflags is highlighting the fact that there are certain combinations of TCP flags which are known to be illegal. The question here is whether skype is working correctly for you. If it is then you shouldnt be worrying about how to let these packets through. I have a skype phone and I get these flags too but my testing has shown that it works perfectly. What I do when setting up rules is to find the firewall settings or port details for the application and create the rules based on that. Any packets denied after that can be safely ignored as they havnt been listed by the vendor. Cillian >Thanks, > Dale > > > >------------------------------------------------------------------------------ >Colocation vs. Managed Hosting >A question and answer guide to determining the best fit >for your organization - today and in the future. >http://p.sf.net/sfu/internap-sfd2d >_______________________________________________ >Shorewall-users mailing list >[email protected] >https://lists.sourceforge.net/lists/listinfo/shorewall-users ------------------------------------------------------------------------------ Colocation vs. Managed Hosting A question and answer guide to determining the best fit for your organization - today and in the future. http://p.sf.net/sfu/internap-sfd2d _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
