On Fri, Sep 2, 2011 at 4:34 PM, Tom Eastep <[email protected]> wrote:
> On Fri, 2011-09-02 at 16:21 +0300, Liutauras Adomaitis wrote:
>> On Fri, Sep 2, 2011 at 4:00 PM, Tom Eastep <[email protected]> wrote:
>> > On Fri, 2011-09-02 at 13:10 +0300, Liutauras Adomaitis wrote:
>> >
>> >> I've been using it for years, but only now I stepped on the strange
>> >> problem:
>> >> the rule is
>> >> ACCEPT:info all fw tcp 22
>> >> Primitive, however I get logs for each packet and expectation is that
>> >> I get logs only for every incoming connection, syn packet.
>> >> I've been using Mandriva and I guess distribution has made some rules,
>> >> macros and this line was working as I expected, however now on Fedora
>> >> 13 it just logs every packet.
>> >>
>> >> Any ideas?
>> >
>> > Did you inadvertently place the rule in the ESTABLISHED section of the
>> > rules file rather than in the NEW section?
>> >
>> > -Tom
>> > --
>>
>> Just double checked - no. Here is my rules file:
>> #SECTION ESTABLISHED
>> #SECTION RELATED
>> SECTION NEW
>> ACCEPT all $FW tcp 22 - # SSH
>>
>> Can this be related to the fact that I'm running a virtual machine based
>> on OpenVZ? I just got it from my hosting provider. I am not familiar
>> with such type of virtualization. Can this be related?
>>
>
> Yes. Another user has reported that iptables/Netfilter is broken when
> running in an OpenVZ container.
>
> -Tom
> --

Any workarounds? It is interesting, since how can you run your server if you can't set up your firewall properly?

Liutauras
