Hello !

One of our customers has problems with the Limit matching in
shorewall/iptables. We are using a rule like this:

/etc/shorewall/rules:
LOG:info net dmz tcp ssh
Limit:info:SSHA,3,60 net dmz tcp ssh

If the firewall is booted freshly everything is working as expected but
we have problems after long uptimes of about 100 days. Every connection
to the ssh port is dropped then and SSHA is logged in the firewall-logs.
Is anyone experiencing a similar problem ?

It's an openSuSE 10.0 system with stock 2.6.13 Kernel.

-- 
__________________________________________________
Ralf Schenk
fon (02 41) 9 91 21-0
fax (02 41) 9 91 21-59
rs@databay.de

Databay AG
Hüttenstraße 7
D-52068 Aachen
www.databay.de
Sitz/Amtsgericht Aachen HRB:8437
USt-IdNr.: DE 210844202
Databay - einfach machen.

Ralf Schenk wrote:
> Hello !
>
> One of our customers has problems with the Limit matching in
> shorewall/iptables. We are using a rule like this:
>
> /etc/shorewall/rules:
> LOG:info net dmz tcp ssh
> Limit:info:SSHA,3,60 net dmz tcp ssh
>
> If the firewall is booted freshly everything is working as expected but
> we have problems after long uptimes of about 100 days. Every connection
> to the ssh port is dropped then and SSHA is logged in the firewall-logs.
> Is anyone experiencing a similar problem ?
>
> It's an openSuSE 10.0 system with stock 2.6.13 Kernel.
>

mmm.. your problem isn't related to shorewall, looks like a problem with the netfilter module :(

Ralf Schenk wrote:
> Hello !
>
> One of our customers has problems with the Limit matching in
> shorewall/iptables. We are using a rule like this:
>
> /etc/shorewall/rules:
> LOG:info net dmz tcp ssh
> Limit:info:SSHA,3,60 net dmz tcp ssh
>
> If the firewall is booted freshly everything is working as expected but
> we have problems after long uptimes of about 100 days. Every connection
> to the ssh port is dropped then and SSHA is logged in the firewall-logs.
> Is anyone experiencing a similar problem ?
>
> It's an openSuSE 10.0 system with stock 2.6.13 Kernel.
>

http://blog.blackdown.de/2005/05/09/fixing-the-ipt_recent-netfilter-module/