> Well, so far, all you have given us is a log message, one rule, and a
> "It works sometimes".
>
> Given that the rule you posted doesn't include a log level, but a log
> message is being produced, I am wondering if the fw->net policy is
> ACCEPT with a log level specified. If that is the case, then I can
> understand that you would be concerned that the rule is somehow not
> being effective.
>
> For these types of problems, the output of 'shorewall dump' collected as
> described at http://www.shorewall.net/support.htm#Guidelines is most
> helpful to us.
>
> Thanks,
> -Tom

Indeed, policy calls for logging. I haven't been able to narrow it down more as it is infrequent, so the best I can do is say about 'half the time, REJECTs and DROPs are -not- logged'. (It's not my intent to start a bickering contest, and am not withholding anything)

I've always been able to solve the problem/blockage by adjusting Shorewall rules, even without the blockage being logged. But I wish it would just log all REJECTs and DROPs. And I don't understand why it's suddenly logging these ACCEPTs... I haven't asked it to.

Given the nature of this being hard to nail down, I don't have much hope of solving it, but I've sent the dump to Tom anyway.

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users