On 5/18/2015 4:31 PM, AleCaste wrote:
> Hi Tom,
> Please find the results of "shorewall dump" attached in a txt file.
>
From the dump, one SYN packet was forwarded to NFQUEUE 0:
Chain net2fw (1 references)
 pkts bytes target     prot opt in     out     source               destination
    1    60 net2fw~    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
...
   72  5877 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    1    60 NFQUEUE    tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 80,443 NFQUEUE num 0 <====
It looks, however, as though you didn't uncomment the NEW SECTION
in your rules file, because all following packets in the connection were
ACCEPTed by the preceding rule.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
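
The check Tom does by eye above, as an added example that is not part of the original message or of Shorewall: it parses `iptables -L -n -v` style chain listings and reports every NFQUEUE rule that sits behind a blanket ACCEPT for RELATED,ESTABLISHED traffic, so only the first packet of a connection can reach the queue. The function names are hypothetical, and SAMPLE is the excerpt from the message with its wrapped lines rejoined.

```python
import re

# Constructed input: the net2fw excerpt from the message above, with the
# wrapped lines rejoined and the elided ("...") rows left out.
SAMPLE = """\
Chain net2fw (1 references)
 pkts bytes target  prot opt in out source     destination
    1    60 net2fw~ all  --  *  *   0.0.0.0/0  0.0.0.0/0  ctstate INVALID,NEW,UNTRACKED
   72  5877 ACCEPT  all  --  *  *   0.0.0.0/0  0.0.0.0/0  ctstate RELATED,ESTABLISHED
    1    60 NFQUEUE tcp  --  *  *   0.0.0.0/0  0.0.0.0/0  multiport dports 80,443 NFQUEUE num 0
"""
FIELDS = ("pkts", "bytes", "target", "proto", "opt", "in", "out", "src", "dst")

def parse_chains(dump):
    """Return {chain name: [rule dict, ...]} from `iptables -L -n -v` text."""
    chains, current = {}, None
    for line in dump.splitlines():
        header = re.match(r"Chain (\S+) \(", line)
        if header:
            current = chains.setdefault(header.group(1), [])
            continue
        parts = line.split(None, 9)
        # Skip blank lines, the column header and anything that is not a rule row.
        if current is None or len(parts) < 9 or not parts[0][0].isdigit():
            continue
        rule = dict(zip(FIELDS, parts))
        rule["match"] = parts[9].strip() if len(parts) > 9 else ""
        current.append(rule)
    return chains

def blanket_established_accept(rule):
    """True for an ACCEPT that matches every RELATED/ESTABLISHED packet."""
    states = re.fullmatch(r"ctstate (\S+)", rule["match"])
    return (rule["target"] == "ACCEPT" and rule["proto"] == "all"
            and rule["in"] == rule["out"] == "*"
            and rule["src"] == rule["dst"] == "0.0.0.0/0"
            and states is not None
            and "ESTABLISHED" in states.group(1).split(","))

def queue_bypasses(rules):
    """List (nfqueue_index, accept_index, nfqueue_pkts, accept_pkts) tuples."""
    findings, accept_at = [], None
    for i, rule in enumerate(rules):
        if accept_at is None and blanket_established_accept(rule):
            accept_at = i
        elif rule["target"] == "NFQUEUE" and accept_at is not None:
            findings.append((i, accept_at, rule["pkts"], rules[accept_at]["pkts"]))
    return findings
```

Calling `queue_bypasses(parse_chains(text)["net2fw"])` on a full dump gives zero-based rule positions; a queue counter far below the ACCEPT counter, as with 1 against 72 here, is the symptom described in the message.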
