On 3/10/20 11:46 AM, Erich Titl wrote:
> Hi Tom
>
> On 10.03.2020 at 17:59 Tom Eastep wrote:
>> On 3/9/20 7:26 PM, Erich Titl wrote:
> ...
>
>>>
>>> Obviously I am not home, else all this would be pointless. My current IP
>>> address is 92.144.119.39 and the shorewall log shows the following:
>>>
>>> Mar 10 00:49:55 gatekeeper Shorewall:net-fw:DROP: IN=eth0 OUT=
>>> MAC=00:0d:b9:1c:ce:dc:00:17:10:99:a7:43:08:00 SRC=92.144.119.39
>>> DST=80.219.225.247 LEN=40 TOS=00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP
>>> SPT=49158 DPT=993 SEQ=3841251305 ACK=0 WINDOW=0 RST URGP=0 MARK=0
>>> Mar 10 00:50:02 gatekeeper Shorewall:net-fw:DROP: IN=eth0 OUT=
>>> MAC=00:0d:b9:1c:ce:dc:00:17:10:99:a7:43:08:00 SRC=92.144.119.39
>>> DST=80.219.225.247 LEN=40 TOS=00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP
>>> SPT=49159 DPT=993 SEQ=1536968444 ACK=0 WINDOW=0 RST URGP=0 MARK=0
>>
>> I assume that your geoip rule specifies logging (the rule you show above
>> does not)?
>>
>
> The uncommented rule is
>
> SSH(DROP) net:^CN all
>
> But indeed I looked up the SSH macro and there appears to be no logging
> defined. I would then think that the policy would log those packets and
> the geoip rule would not be the reason.
>
> I rechecked the setup and this time there is no log entry in
> shorewall.log. So I assume the reason for the drop is the geoip rule.
> Sorry about the bad info.
>
Looking again, the log messages were generated by attempts to connect to
TCP port 993, not 22. So it appears that the geoip rule is causing
connection attempts to be dropped.

>> Assuming that the geoip rule is producing the log messages that you show
>> above, it appears that something is broken in your geoip setup -- either
>> the code itself, or the CN.ipv4 database.
>
> I would think that a broken xt_geoip module would not load and show up
> in lsmod as alive.
>
> I checked manually in the .csv sources to the database and there my IP
> shows up in the correct region. Is there a reasonable way to check the
> CN.iv4 database? I don't know.
>
> Now I only placed the iv4 files into the LE directory, assuming that my
> x86 based system was little endian.

Obviously the CN database is being found, since the rule is being
installed.

If you can't find anything, please send me a full dump and I'll take a
look...

-Tom
--
Tom Eastep           \ Q: What do you get when you cross a mobster
Shoreline,            \    with an international standard?
Washington, USA        \ A: Someone who makes you an offer you
http://shorewall.org    \    can't understand
                         \________________________________________
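The thread leaves open how to check the CN.iv4 file itself rather than the .csv it was built from. The script below is an added example for that, written for this page; it is not Shorewall or xtables-addons code and not from anyone in the thread. It assumes the v1 xt_geoip country-file layout: a flat sequence of 8-byte records, each a 32-bit start and a 32-bit end address (inclusive), sorted ascending, written little-endian in the LE/ directory and big-endian in BE/. The function names, the sample ranges (TEST-NET-3 and the 198.18/15 benchmark block, constructed here, not real CN allocations) and the check_file helper are mine; the log line is the first one quoted above. It builds a small in-memory database in that layout, reads it back, checks the source address from the log line against it, and shows how the sanity check catches a file read with the wrong endianness, which is the LE/BE mix-up the thread is worried about.

```python
"""Check an xt_geoip v1 country file (LE/*.iv4 or BE/*.iv4) for an IPv4 address.

Added example for the Shorewall-users thread; not Shorewall/xtables-addons code.
Assumed layout (matching what xt_geoip_build writes, to the best of my knowledge):
8-byte records of (start, end) 32-bit inclusive addresses, ascending, packed
little-endian under LE/ and big-endian under BE/.
"""
import ipaddress
import re
import struct
from bisect import bisect_right

# Constructed sample ranges standing in for a country file's contents.
SAMPLE_RANGES = [
    ("203.0.113.0", "203.0.113.255"),
    ("198.18.0.0", "198.18.255.255"),
]

# Log line copied from the thread above.
SAMPLE_LOG = ("Mar 10 00:49:55 gatekeeper Shorewall:net-fw:DROP: IN=eth0 OUT= "
              "MAC=00:0d:b9:1c:ce:dc:00:17:10:99:a7:43:08:00 SRC=92.144.119.39 "
              "DST=80.219.225.247 LEN=40 TOS=00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP "
              "SPT=49158 DPT=993 SEQ=3841251305 ACK=0 WINDOW=0 RST URGP=0 MARK=0")


def _fmt(little_endian):
    return "<II" if little_endian else ">II"


def _ip(s):
    return int(ipaddress.IPv4Address(s))


def build_db(ranges, little_endian=True):
    """Serialize inclusive (first, last) address pairs as a v1 .iv4 file body,
    one 8-byte record per range, sorted by start address (assumed layout)."""
    recs = sorted((_ip(a), _ip(b)) for a, b in ranges)
    if any(a > b for a, b in recs):
        raise ValueError("range with start > end")
    return b"".join(struct.pack(_fmt(little_endian), a, b) for a, b in recs)


def load_db(blob, little_endian=True):
    """Parse a .iv4 file body into a list of (start, end) integer pairs."""
    if len(blob) % 8:
        raise ValueError("length %d is not a multiple of 8: wrong or truncated file"
                         % len(blob))
    f = _fmt(little_endian)
    return [struct.unpack_from(f, blob, off) for off in range(0, len(blob), 8)]


def db_sane(ranges):
    """True if every record has start <= end and records are strictly ascending
    and non-overlapping.  A file read with the wrong endianness (or a BE file
    dropped into LE/) almost always fails this check."""
    prev_end = -1
    for a, b in ranges:
        if a > b or a <= prev_end:
            return False
        prev_end = b
    return True


def contains(ranges, ip):
    """Binary-search the sorted ranges for ip (dotted string)."""
    n = _ip(ip)
    starts = [a for a, _ in ranges]
    i = bisect_right(starts, n) - 1
    return i >= 0 and ranges[i][0] <= n <= ranges[i][1]


_LOG_RE = re.compile(r"\bSRC=(\d{1,3}(?:\.\d{1,3}){3})\b.*?\bDPT=(\d+)\b")


def log_src_dpt(line):
    """Pull the SRC address and destination port out of a netfilter log line."""
    m = _LOG_RE.search(line)
    if not m:
        return None
    return m.group(1), int(m.group(2))


def check_file(path, ip, little_endian=True):
    """Load an on-disk country file and report (file looks sane, ip is listed)."""
    with open(path, "rb") as fh:
        ranges = load_db(fh.read(), little_endian)
    return db_sane(ranges), contains(ranges, ip)


if __name__ == "__main__":
    db = build_db(SAMPLE_RANGES)
    ranges = load_db(db)
    src, dpt = log_src_dpt(SAMPLE_LOG)
    print("db sane:", db_sane(ranges))
    print("%s -> port %d listed: %s" % (src, dpt, contains(ranges, src)))
    print("same bytes read big-endian sane:", db_sane(load_db(db, little_endian=False)))
```

On a real box the call would be check_file("/usr/share/xt_geoip/LE/CN.iv4", "92.144.119.39") (path assumed; use wherever your build script wrote the files). If db_sane comes back False with the endianness you believe is correct, the file is the problem rather than the rule; if it is sane and the address is listed, the .csv and the binary disagree and the build step is worth repeating.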
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users