On Thu, 26 Oct 2023 04:17:39 -0000 (UTC)
Christophe PEREZ <ch...@novazur.fr> wrote:

> Oct 26 03:57:04 myserver kernel: [1567341.969608] fw-net REJECT IN= 
> OUT=eth0 SRC=myipserver DST=oneclientip LEN=40 TOS=0x00 PREC=0x00
> TTL=64 ID=0 DF PROTO=TCP SPT=443 DPT=37615 WINDOW=0 RES=0x00 RST
> URGP=0

Those are replies to clients which have actually already gone. So
completely normal. While your web server has been processing the request,
the client has gone and so netfilter has already closed the connection.

> Note that I have exactly the same question with the mail server and
> ports 25,110,143,465,993,995.

Same for these.

> I'm trying to understand, not necessarily to correct something if
> it's not useful.

You can remove these from logging by changing REJECT_DEFAULT in
shorewall.conf. If you add dropInvalid there, those won't get logged any
more.

Web is not a standard protocol name, so the shorewall developers decided to
add HTTP and HTTPS macros, which are actual protocol names, instead. But
to make sure old firewall installs won't break on a shorewall upgrade, the
old Web macro was left there.

-- 
Tuomo Soini <t...@foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <https://foobar.fi/>


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
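The reply above identifies the quoted REJECT entries by their shape: the packet is leaving the host (IN= empty, OUT=eth0), its source port is a listening service port, and it carries RST with WINDOW=0. Below is a small classifier that applies exactly those criteria to kernel netfilter log lines so the late RSTs can be separated from REJECTs that deserve attention. This is an added example, not code from the thread or from Shorewall; the log lines are constructed to resemble the quoted one, with RFC 5737 documentation addresses in place of the poster's hosts, and the set of listening ports is an assumption built from the ports named in the thread.

```python
import re
from dataclasses import dataclass

# Constructed sample lines modelled on the one quoted in the thread. The
# addresses are RFC 5737 documentation addresses, not real hosts. Lines 1-2
# are the "late RST" case; line 3 is an inbound SYN rejected by policy;
# line 4 is an outbound data segment without RST.
SAMPLE_LOG = """\
Oct 26 03:57:04 myserver kernel: [1567341.969608] fw-net REJECT IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=443 DPT=37615 WINDOW=0 RES=0x00 RST URGP=0
Oct 26 03:58:11 myserver kernel: [1567408.112233] fw-net REJECT IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.9 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=993 DPT=51022 WINDOW=0 RES=0x00 RST URGP=0
Oct 26 03:59:30 myserver kernel: [1567487.556677] net-fw REJECT IN=eth0 OUT= SRC=203.0.113.44 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF PROTO=TCP SPT=40123 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Oct 26 04:00:02 myserver kernel: [1567519.000001] fw-net REJECT IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=443 DPT=37615 WINDOW=29200 RES=0x00 ACK PSH URGP=0
"""

# Assumed set of local listening ports: the ones named in the thread.
# Replace with the services actually listening on your host.
SERVICE_PORTS = {443, 25, 110, 143, 465, 993, 995}

# Matches the "kernel: [uptime]" part that precedes the netfilter fields.
KERNEL_RE = re.compile(r"kernel: \[\s*[\d.]+\]\s*(?P<rest>.*)$")


@dataclass
class NetfilterEntry:
    prefix: str        # log prefix, e.g. "fw-net REJECT" (format is site-specific)
    fields: dict       # KEY=VALUE pairs, value may be empty ("IN=")
    flags: set         # bare tokens such as DF, SYN, ACK, RST, PSH

    @property
    def outbound(self):
        """Locally generated packet: no input interface, an output interface."""
        return self.fields.get("IN", "") == "" and self.fields.get("OUT", "") != ""


def parse_line(line):
    """Parse one kernel netfilter log line; returns None for other lines."""
    m = KERNEL_RE.search(line)
    if not m:
        return None
    fields, flags, prefix = {}, set(), []
    for tok in m.group("rest").split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            fields[key] = value
        elif fields:
            # Bare token after the first KEY=VALUE: an IP or TCP flag.
            flags.add(tok)
        else:
            # Everything before the first KEY=VALUE is the log prefix.
            prefix.append(tok)
    return NetfilterEntry(" ".join(prefix), fields, flags)


def is_late_rst(entry, service_ports=SERVICE_PORTS):
    """True for the case described in the reply: the host's own RST from a
    listening service port toward a client whose connection conntrack has
    already forgotten, so the RST is INVALID and hits the REJECT policy."""
    if not entry.outbound or entry.fields.get("PROTO") != "TCP":
        return False
    if "RST" not in entry.flags:
        return False
    try:
        spt = int(entry.fields.get("SPT", "-1"))
    except ValueError:
        return False
    return spt in service_ports


def classify(log_text, service_ports=SERVICE_PORTS):
    """Return (src, dst, spt, dpt, verdict) for every REJECT entry found."""
    results = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None or "REJECT" not in entry.prefix:
            continue
        verdict = "late-rst" if is_late_rst(entry, service_ports) else "other"
        results.append((entry.fields.get("SRC"), entry.fields.get("DST"),
                        entry.fields.get("SPT"), entry.fields.get("DPT"), verdict))
    return results


if __name__ == "__main__":
    for row in classify(SAMPLE_LOG):
        print(*row)
```

Anything classified as "other" is worth looking at; the "late-rst" rows are the noise the reply describes. The WINDOW=0 value is kept in the parsed fields so a stricter site policy can require it as well.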