On 1/6/2014 12:36 PM, Øyvind Lode wrote:
> No, I do not even have a stoppedrules file:
>
> munin:~$ cat /etc/shorewall/stoppedrules
> cat: /etc/shorewall/stoppedrules: No such file or directory
> munin:~$
>
> I have udp 123 forwarded (DNAT) to the box running ntpd.
>
> All works well but for some reason some packets are dropped every time I
> reboot.
>
> I guess that is normal behaviour since the purpose of shorewall-init is to
> close the FW prior to networking since networking is brought up before
> shorewall is started.
>
> But I don't understand why these packets are still dropped when shorewall is
> running.
>
> All new udp connections are accepted and forwarded to the ntpd box.
>
> But running conntrack -F fixes the problem.

Is shorewall-init actually starting before networking (e.g., do you see a
'Shorewall stopped' message in syslog before the interfaces are brought up)?

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
