Michael Badt
2003-May-02 20:27 UTC
[Shorewall-users] Help Shorewall: why do I get these messages upon dial-up disconnect?
Hi,

I have a stand alone Mandrake 9.1 PC with a dial up Internet connection and an integrated eth0 (currently not used). I'm running shorewall ver 1.3.14 yet I've replaced Mandrake's default shorewall configuration with a "two-interface" configuration which I downloaded from the Shorewall (ver 1.3) site and modified to connect to the Internet via ppp0 (instead of eth0).

Everything works OK, yet once I disconnect my dial up (kppp) I get the following messages in my log file. What is the purpose of these and can I get rid of these (Shorewall related) messages?

TIA

-------- copy (partial) of my log file-(modified IP address)-------------
May 2 13:54:09 Badt1 kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=64.175.129.6 DST=X.Y.Z.79 LEN=44 TOS=0x10 PREC=0x00 TTL=112 ID=15419 DF PROTO=TCP SPT=34837 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
May 2 13:54:13 Badt1 kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=64.175.129.6 DST=X.Y.Z.79 LEN=44 TOS=0x10 PREC=0x00 TTL=112 ID=9021 DF PROTO=TCP SPT=34837 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
May 2 13:54:18 Badt1 kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=64.175.129.6 DST=X.Y.Z.79 LEN=44 TOS=0x10 PREC=0x00 TTL=112 ID=18240 DF PROTO=TCP SPT=34837 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
May 2 13:55:21 Badt1 pppd[4749]: Terminating on signal 15.
May 2 13:55:22 Badt1 pppd[4749]: Connection terminated.
May 2 13:55:22 Badt1 pppd[4749]: Connect time 48.6 minutes.
May 2 13:55:22 Badt1 pppd[4749]: Sent 1124879 bytes, received 9456399 bytes.
May 2 13:55:22 Badt1 pppd[4749]: Exit.
Gonzalo Servat
2003-May-02 21:37 UTC
[Shorewall-users] Help Shorewall: why do I get these messages upon dial-up disconnect?
On 2/05/2003 6:44 PM +0300 Michael Badt wrote:

> Hi,
>
> I have a stand alone Mandrake 9.1 PC with a dial up Internet connection and an integrated eth0 (currently not used). I'm running shorewall ver 1.3.14 yet I've replaced Mandrake's default shorewall configuration with a "two-interface" configuration which I downloaded from the Shorewall (ver 1.3) site and modified to connect to the Internet via ppp0 (instead of eth0).
>
> Everything works OK, yet once I disconnect my dial up (kppp) I get the following messages in my log file. What is the purpose of these and can I get rid of these (Shorewall related) messages?
>
> TIA
>
> -------- copy (partial) of my log file-(modified IP address)-------------
> May 2 13:54:09 Badt1 kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=64.175.129.6 DST=X.Y.Z.79 LEN=44 TOS=0x10 PREC=0x00 TTL=112 ID=15419 DF PROTO=TCP SPT=34837 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
> May 2 13:54:13 Badt1 kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=64.175.129.6 DST=X.Y.Z.79 LEN=44 TOS=0x10 PREC=0x00 TTL=112 ID=9021 DF PROTO=TCP SPT=34837 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
> May 2 13:54:18 Badt1 kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=64.175.129.6 DST=X.Y.Z.79 LEN=44 TOS=0x10 PREC=0x00 TTL=112 ID=18240 DF PROTO=TCP SPT=34837 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
> May 2 13:55:21 Badt1 pppd[4749]: Terminating on signal 15.
> May 2 13:55:22 Badt1 pppd[4749]: Connection terminated.
> May 2 13:55:22 Badt1 pppd[4749]: Connect time 48.6 minutes.
> May 2 13:55:22 Badt1 pppd[4749]: Sent 1124879 bytes, received 9456399 bytes.
> May 2 13:55:22 Badt1 pppd[4749]: Exit.

It seems the shorewall-related messages are generated BEFORE you disconnect, not after (about a minute before disconnection). Is this the first time you see these messages? If not, do they always come from the same source IP address?

If you want to get rid of Shorewall related messages, you could just log them to a separate file. See the "ULOG" section under http://www.shorewall.net/shorewall_logging.html

HTH.
Gonzalo.
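
The two checks raised in the reply (do the drops share one source, and how long before the pppd shutdown do they occur), as an added Python example that is not part of the original thread. The function names and the year 2003 applied to the year-less syslog timestamps are assumptions; the sample is the log excerpt quoted above.

```python
import re
from datetime import datetime

# The log excerpt posted in the thread (DST masked by the poster).
DROP = ("Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=64.175.129.6 DST=X.Y.Z.79 "
        "LEN=44 TOS=0x10 PREC=0x00 TTL=112 ID={} DF PROTO=TCP SPT=34837 DPT=80 "
        "WINDOW=8192 RES=0x00 SYN URGP=0")
SAMPLE = "\n".join([
    "May 2 13:54:09 Badt1 kernel: " + DROP.format(15419),
    "May 2 13:54:13 Badt1 kernel: " + DROP.format(9021),
    "May 2 13:54:18 Badt1 kernel: " + DROP.format(18240),
    "May 2 13:55:21 Badt1 pppd[4749]: Terminating on signal 15.",
    "May 2 13:55:22 Badt1 pppd[4749]: Connection terminated.",
])

LINE = re.compile(r"^(\w{3}\s+\d+\s+[\d:]{8}) \S+ (\S+?): (.*)$")
PREFIX = re.compile(r"^Shorewall:([^:]+):([^:]+):(.*)$")  # chain, disposition, rest

def stamp(text, year=2003):
    # syslog omits the year; 2003 is an assumption taken from the thread's dates
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")

def parse(line):
    """Return (time, tag, fields); fields is None for non-Shorewall lines."""
    m = LINE.match(line)
    if not m:
        return None
    when, tag, msg = stamp(m.group(1)), m.group(2), m.group(3)
    p = PREFIX.match(msg)
    if not p:
        return when, tag, None
    fields = dict(re.findall(r"(\w+)=(\S*)", p.group(3)))  # OUT= and MAC= stay empty
    fields.update(chain=p.group(1), disposition=p.group(2),
                  flags=[t for t in p.group(3).split() if "=" not in t])
    return when, tag, fields

def summarize(log):
    """Group drops by (SRC, PROTO, DPT); gap = seconds from last drop to first pppd line."""
    groups, last_drop, gap = {}, None, None
    for when, tag, f in filter(None, map(parse, log.splitlines())):
        if f:
            g = groups.setdefault((f["SRC"], f["PROTO"], f["DPT"]),
                                  {"count": 0, "sports": set(), "flags": set()})
            g["count"] += 1
            g["sports"].add(f["SPT"])
            g["flags"].update(f["flags"])
            last_drop = when
        elif tag.startswith("pppd") and gap is None and last_drop:
            gap = int((when - last_drop).total_seconds())
    return groups, gap
```

On the posted excerpt this yields a single group: three SYNs from one source and one source port to TCP port 80, the last of them 63 seconds before pppd received its termination signal.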