Hello Shorewall users,

- interface:
net             eth0            arp_filter,dhcp,logmartians,nosmurfs,routefilter=2,tcpflags

- rules:
?SECTION NEW
HTTP(ACCEPT)            net                     fw
HTTPS(ACCEPT)           net                     fw
IMAP(ACCEPT)            net                     fw
IMAPS(ACCEPT)           net                     fw
POP3(ACCEPT)            net                     fw
POP3S(ACCEPT)           net                     fw
SMTP(ACCEPT)            net                     fw
SMTPS(ACCEPT)           net                     fw
Submission(ACCEPT)      net                     fw

- but logs contain outgoing REJECT messages like these:

  - with flags ACK
kernel: SW4:fw-net:REJECT:IN= OUT=eth0 SRC=10.1.2.3 DST=31.x.y.z LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=57180 DF PROTO=TCP SPT=110 DPT=22390 WINDOW=211 RES=0x00 ACK URGP=0
kernel: SW4:fw-net:REJECT:IN= OUT=eth0 SRC=10.1.2.3 DST=89.x.y.z LEN=1384 TOS=0x00 PREC=0x00 TTL=64 ID=35530 DF PROTO=TCP SPT=443 DPT=13007 WINDOW=386 RES=0x00 ACK URGP=0

  - with flags ACK FIN
kernel: SW4:fw-net:REJECT:IN= OUT=eth0 SRC=10.1.2.3 DST=89.x.y.z LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=14955 DF PROTO=TCP SPT=443 DPT=20194 WINDOW=211 RES=0x00 ACK FIN URGP=0

  - with flags ACK PSH
kernel: SW4:fw-net:REJECT:IN= OUT=eth0 SRC=10.1.2.3 DST=89.x.y.z LEN=71 TOS=0x00 PREC=0x00 TTL=64 ID=63142 DF PROTO=TCP SPT=443 DPT=32827 WINDOW=279 RES=0x00 ACK PSH URGP=0
kernel: SW4:fw-net:REJECT:IN= OUT=eth0 SRC=10.1.2.3 DST=78.x.y.z LEN=412 TOS=0x00 PREC=0x00 TTL=64 ID=28545 DF PROTO=TCP SPT=993 DPT=40937 WINDOW=219 RES=0x00 ACK PSH URGP=0

  - with flags ACK PSH FIN
kernel: SW4:fw-net:REJECT:IN= OUT=eth0 SRC=10.194.115.57 DST=89.x.y.z LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=36772 DF PROTO=TCP SPT=443 DPT=43229 WINDOW=368 RES=0x00 ACK PSH FIN URGP=0
kernel: SW4:fw-net:REJECT:IN= OUT=eth0 SRC=10.194.115.57 DST=89.x.y.z LEN=169 TOS=0x00 PREC=0x00 TTL=64 ID=53920 DF PROTO=TCP SPT=993 DPT=13648 WINDOW=227 RES=0x00 ACK PSH FIN URGP=0
kernel: SW4:fw-net:REJECT:IN= OUT=eth0 SRC=10.194.115.57 DST=37.x.y.z LEN=83 TOS=0x00 PREC=0x00 TTL=64 ID=44761 DF PROTO=TCP SPT=995 DPT=10384 WINDOW=219 RES=0x00 ACK PSH FIN URGP=0

  - with flags RST
kernel: SW4:fw-net:REJECT:IN= OUT=eth0 SRC=10.1.2.3 DST=37.x.y.z LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=59890 DF PROTO=TCP SPT=443 DPT=54679 WINDOW=0 RES=0x00 RST URGP=0
kernel: SW4:fw-net:REJECT:IN= OUT=eth0 SRC=10.1.2.3 DST=37.x.y.z LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=3610 DF PROTO=TCP SPT=993 DPT=37641 WINDOW=0 RES=0x00 RST URGP=0


What could be the problem? In my opinion, these are not invalid packets. Some
problem with connection tracking?

But I have to admit, I'm using an old version of Shorewall, 5.1.10.2.

Thanks in advance for the help and with best regards
-- 
Karel Ziegler

 e-mail:    ziegl...@gmail.com
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
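
A triage sketch for log lines like the ones in the message above, added here as an example and not part of the original post: it parses each fw-net REJECT entry and separates non-SYN segments sent from a port the rules file accepts inbound from genuinely new outbound connections. The macro-to-port table assumes the standard ports for those macros, and the sample lines are constructed, using a documentation address in place of the masked ones.

```python
import re
from collections import Counter

# Assumption: standard ports for the macros listed in the rules file above.
ACCEPTED_INBOUND = {80: "HTTP", 443: "HTTPS", 143: "IMAP", 993: "IMAPS",
                    110: "POP3", 995: "POP3S", 25: "SMTP", 465: "SMTPS",
                    587: "Submission"}
TCP_FLAGS = ("SYN", "ACK", "FIN", "PSH", "RST", "URG")
PREFIX = re.compile(r"(?P<tag>\w+):(?P<chain>[\w-]+):(?P<disp>[A-Z]+):(?=IN=)")

def parse(line):
    """Parse one netfilter LOG line carrying a tag:chain:disposition prefix."""
    m = PREFIX.search(line)
    if not m:
        return None
    rec = m.groupdict()
    tokens = line[m.end():].split()
    rec.update(t.split("=", 1) for t in tokens if "=" in t)   # KEY=value fields
    rec["flags"] = frozenset(t for t in tokens if t in TCP_FLAGS)
    return rec

def classify(rec):
    """Label a TCP packet by what its header alone says about it."""
    if "SYN" in rec["flags"] and "ACK" not in rec["flags"]:
        return "new-outbound"                  # the firewall opening a connection
    service = ACCEPTED_INBOUND.get(int(rec["SPT"]))
    # A non-SYN segment from an accepted service port belongs to (or closes)
    # a connection a client opened, so the fw->net policy is the wrong suspect.
    return "reply:" + service if service else "other"

def summarize(lines, chain="fw-net", disp="REJECT"):
    """Count matching TCP log entries per (classification, flag set)."""
    counts = Counter()
    for rec in filter(None, map(parse, lines)):
        if (rec["chain"], rec["disp"], rec.get("PROTO")) == (chain, disp, "TCP"):
            flags = " ".join(f for f in TCP_FLAGS if f in rec["flags"])
            counts[(classify(rec), flags)] += 1
    return counts

# Constructed sample lines modelled on the log format in the post.
_T = ("kernel: SW4:fw-net:REJECT:IN= OUT=eth0 SRC=10.1.2.3 DST=203.0.113.7 "
      "LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT={} DPT={} "
      "WINDOW=211 RES=0x00 {} URGP=0")
SAMPLE = [_T.format(110, 22390, "ACK"), _T.format(443, 20194, "ACK FIN"),
          _T.format(993, 37641, "RST"), _T.format(40000, 25, "SYN")]

if __name__ == "__main__":
    for (label, flags), n in sorted(summarize(SAMPLE).items()):
        print(f"{n:3d}  {label:<14} {flags}")
```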
