Hi, My last Shorewall rule is DROP with logging options (:info:polbl). It's a custom DROP action identical to the upstream version, except it includes the SRC IP addr. in an ipset.
I usually get messages in the log such as Shorewall:polbl:DROP... However, I sometimes get messages such as the one below: Jun 5 16:47:51 kernel: Shorewall:polbl:COUNT:IN=enp9s5 OUT= MAC=00:0d:88:cd:7f:c5:00:13:f7:23:ef:b4:08:00 SRC=1.2.3.4 DST=192.168.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=124 ID=10689 PROTO=255 MARK=0x2 What is the reason for which the packet was DROPped? What does COUNT mean exactly, especially with PROTO=255? Thanks, Vieri ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
