Justin, Thank you for your reply. Bad News followed by Good News!
Justin

Thanks for the response. By chance I discovered that Gmail had stuffed your reply in Spam :( ....

>> Are you running a cronjob which is messing with it ?

I've checked the Cron jobs and I don't see anything that could be causing this issue. (It's an issue that started a few days ago, and I've not changed anything in Cron for a few months.)

>> When / how often are the ipsets being changed/added ?

This is almost happening on a constant basis. I clear all the ipsets, everything works OK, then in 5 to 15 minutes (searching, google.com, messenger (on Chromebook)), it all stops working and those two IP numbers are right back in the ipsets.

And what makes things even more confusing is that Firefox will connect and work perfectly, even when Chrome will not! So I might be barking up the wrong tree.

Going to have a look at "psacct" now.

*ADDED LATER ....* (had to rewrite as the original message had become too large)

This makes it stranger but I seem to have become lucky.

I did not understand how Firefox worked all OK, but Chrome did not. If ipsets were blocking incoming requests to Chrome, they should also have been blocking everything, including Firefox. So I downloaded and installed Opera to see if that would work. The issue has now magically gone away. So whatever was causing this issue seems to be related to Chrome and my PC that I work on .....

Many Thanks, Stay Safe, Nigel.

On Sun, Nov 15, 2020 at 12:36 PM Nigel Aves <nigel.a...@gmail.com> wrote:

> Shorewall version 5.2.3.4
> Ubuntu Server 20.04.1
> Apache web server with mod_security
>
> I've run into an issue that no matter what I have tried, no success. This
> started a few days ago, my internal network keeps getting "cut off" from
> Google. Can not search, open google.com, google messenger service ... I
> tracked it down to ipsets being created for Google IP addresses, what
> really surprised me was that I was also getting (occasionally) their DNS
> servers, 8.8.8.8 and 8.8.4.4 - I've spent a couple of days now trying to
> find the root cause.
>
> I needed a bandaid to stop the rest of the family complaining ( :) ) so
> this morning I looked at Shorewall Whitelisting using "blrules", and added
> this to the blrules file.
>
> WHITELIST net:172.217.0.0/16 all
> WHITELIST net:8.8.4.4 all
> WHITELIST net:8.8.8.8 all
>
> Ran a Shorewall restart but I am still seeing entries when I do "ipset
> list SW_DBL4"
>
> 172.217.3.206 timeout 597 packets 1 bytes 52
> 172.217.14.195 timeout 598 packets 1 bytes 52
>
> Any ideas as to what I might have done wrong?
>
> Kind Regards, Stay Safe, Nigel.