[SNIP] > Chain loc-net (1 references) > pkts bytes target prot opt in out source > destination > 11685 3316K ACCEPT all -- * * 0.0.0.0/0 > 0.0.0.0/0 ctstate RELATED,ESTABLISHED > 21402 1627K ACCEPT udp -- * * 0.0.0.0/0 > 0.0.0.0/0 udp dpt:123 /* NTP */ > 1373 164K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 [SNIP]
It looks like you have many UDP packets pass from the loc zone to the net zone. Also, the log entries at the bottom of the dump output do not show any drops or rejects for UDP port 123. Could you induce the failure and run 'shorewall dump' again and then provide that output? Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
