thr3ads.net - Shorewall users - Shorewall help blacklist and restart/refresh [Jan 2004]

If this information is useful, please help other people find it:
Share via:

silvamark

2004-Jan-27 22:35 UTC

Shorewall help blacklist and restart/refresh

At the current time I am not subscribed to the mailing list.

I have a blacklist that I got from www.peerguardian.net that is rather
large ( 81 kb).
When shorewall start command is issued it takes about 20 mins for it to
load.
Is this normal or should I do this another way?

Also I noticed something very strange with shorewall ..
	I have cron do a shorewall restart command every 24 hours and
noticed in my logs that it says
	"Shorewall is not currently running" when it restarts ???
	Should I be doing a refresh?
	It poses a problem for me because when It does stop my log fills
up fast.

shorewall version 1.4.9

ip addr show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:00:b4:9d:55:10 brd ff:ff:ff:ff:ff:ff
    inet 24.91.102.152/24 brd 255.255.255.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:00:b4:52:da:a0 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.1/24 brd 192.168.0.255 scope global eth1

ip route show
192.168.0.0/24 dev eth1  scope link 
24.91.102.0/24 dev eth0  proto kernel  scope link  src 24.91.102.152 
169.254.0.0/16 dev eth1  scope link 
127.0.0.0/8 dev lo  scope link 
default via 24.91.102.1 dev eth0


Here is my rules file .
#ACTION		SOURCE		DEST		PROTO	DEST	SOURCE
ORIGINAL
#							PORT	PORT(S)
DEST
#
ACCEPT		loc		fw		udp	177
ACCEPT		all		all		tcp	6000:6010
ACCEPT		all		all		tcp	8000:8010
#
#	Accept DNS connections from the firewall to the network
#
ACCEPT		fw		net		tcp	53
ACCEPT		fw		net		udp	53
#
#	Accept SSH connections from the local network for administration
#
ACCEPT		loc		fw		tcp	22
#
#	Allow Ping To And From Firewall
#
ACCEPT		loc		fw		icmp	8
ACCEPT		net		fw		icmp	8
ACCEPT		fw		loc		icmp	8
ACCEPT		fw		net		icmp	8
#
#	SAMBA
#
ACCEPT 		fw 		loc 		udp 	137:139     
ACCEPT 		fw 		loc 		tcp 	137,139     
ACCEPT 		fw 		loc 		udp 	1024:
137   
ACCEPT 		loc 		fw 		udp 	137:139     
ACCEPT 		loc 		fw 		tcp 	137,139     
ACCEPT 		loc 		fw 		udp 	1024:
137   
#
#
ACCEPT		all		fw			tcp	21
-
ACCEPT		all		fw			tcp	80
-
ACCEPT		loc		fw			tcp	10000
-
ACCEPT		all		fw			tcp	25
-
ACCEPT		loc		fw			tcp	110
-
ACCEPT		all		fw			tcp	1411
-
DNAT		net		loc:192.168.0.2	tcp	3412
-
DNAT		net		loc:192.168.0.2	udp	3412
-
DNAT    	net     	loc:192.168.0.2 	tcp	2121
-
DNAT		net		loc:192.168.0.2	udp	2302:2400
-
DNAT		net		loc:192.168.0.2	udp	6073
-	
DNAT		net		loc:192.168.0.2	tcp	6667
-
DNAT		net		loc:192.168.0.2 	tcp	6881
-
DNAT		net		loc:192.168.0.2	tcp	28000:29000
-
DNAT		net		loc:192.168.0.2	udp	28000:29000
-
DNAT		net		loc:192.168.0.2	tcp	2300
-
DNAT		net		loc:192.168.0.2	udp	2300
-
DNAT		net		loc:192.168.0.2	tcp	2303
-
DNAT		net		loc:192.168.0.2	udp	2303
-
DROP		loc		net:217.116.227.249	all
-
#
DNAT	net	fw:24.91.102.152:1411	tcp	411	-
DNAT	net	fw:24.91.102.152:1411	udp	411	-

#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE


Here is the last 50 lines of what shorewall logged to /var/log/messages

Jan 27 00:23:15 h0000b49d5510 kernel: Shorewall:net2all:DROP:IN=eth0
OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=216.175.104.127
DST=24.91.102.152 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=20585 DF
PROTO=TCP SPT=2689 DPT=901 WINDOW=16384 RES=0x00 SYN URGP=0 
Jan 27 00:24:30 h0000b49d5510 kernel: Shorewall:net2all:DROP:IN=eth0
OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=23.91.102.152
DST=24.91.102.152 LEN=555 TOS=0x00 PREC=0x00 TTL=113 ID=41331 PROTO=UDP
SPT=666 DPT=1026 LEN=535 
Jan 27 00:24:30 h0000b49d5510 kernel: Shorewall:net2all:DROP:IN=eth0
OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=23.91.102.152
DST=24.91.102.152 LEN=555 TOS=0x00 PREC=0x00 TTL=113 ID=41333 PROTO=UDP
SPT=666 DPT=1027 LEN=535 
Jan 27 00:35:21 h0000b49d5510 kernel: Shorewall:net2all:DROP:IN=eth0
OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=24.88.4.147
DST=24.91.102.152 LEN=48 TOS=0x00 PREC=0x00 TTL=108 ID=26881 DF
PROTO=TCP SPT=4375 DPT=27374 WINDOW=16384 RES=0x00 SYN URGP=0 
Jan 27 00:39:06 h0000b49d5510 kernel: Shorewall:net2all:DROP:IN=eth0
OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=80.142.184.101
DST=24.91.102.152 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=44267 DF
PROTO=TCP SPT=1582 DPT=1433 WINDOW=32767 RES=0x00 SYN URGP=0 
Jan 27 00:39:09 h0000b49d5510 kernel: Shorewall:net2all:DROP:IN=eth0
OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=80.142.184.101
DST=24.91.102.152 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=44414 DF
PROTO=TCP SPT=1582 DPT=1433 WINDOW=32767 RES=0x00 SYN URGP=0 
Jan 27 00:51:07 h0000b49d5510 kernel: Shorewall:net2all:DROP:IN=eth0
OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=172.169.45.55
DST=24.91.102.152 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=28036 DF
PROTO=TCP SPT=3449 DPT=12345 WINDOW=8160 RES=0x00 SYN URGP=0 
Jan 27 00:51:10 h0000b49d5510 kernel: Shorewall:net2all:DROP:IN=eth0
OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=172.169.45.55
DST=24.91.102.152 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=28150 DF
PROTO=TCP SPT=3449 DPT=12345 WINDOW=8160 RES=0x00 SYN URGP=0 
Jan 27 01:11:12 h0000b49d5510 kernel: Shorewall:net2all:DROP:IN=eth0
OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=211.162.91.103
DST=24.91.102.152 LEN=404 TOS=0x00 PREC=0x00 TTL=101 ID=33882 PROTO=UDP
SPT=1171 DPT=1434 LEN=384 
Jan 27 01:19:46 h0000b49d5510 kernel: Shorewall:blacklst:DROP:IN=eth0
OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=208.251.137.94
DST=192.168.0.1 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=41886 DF PROTO=TCP
SPT=4603 DPT=1411 WINDOW=64240 RES=0x00 SYN URGP=0 
Jan 27 01:19:49 h0000b49d5510 kernel: Shorewall:blacklst:DROP:IN=eth0
OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=208.251.137.94
DST=192.168.0.1 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=41918 DF PROTO=TCP
SPT=4603 DPT=1411 WINDOW=64240 RES=0x00 SYN URGP=0 
Jan 27 01:19:55 h0000b49d5510 kernel: Shorewall:blacklst:DROP:IN=eth0
OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=208.251.137.94
DST=192.168.0.1 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=41962 DF PROTO=TCP
SPT=4603 DPT=1411 WINDOW=64240 RES=0x00 SYN URGP=0 
Jan 27 01:44:02 h0000b49d5510 kernel: Shorewall:net2all:DROP:IN=eth0
OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=172.184.41.62
DST=24.91.102.152 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=8966 DF PROTO=TCP
SPT=4030 DPT=27374 WINDOW=16384 RES=0x00 SYN URGP=0 
Jan 27 01:44:04 h0000b49d5510 kernel: Shorewall:net2all:DROP:IN=eth0
OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=172.184.41.62
DST=24.91.102.152 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=9114 DF PROTO=TCP
SPT=4030 DPT=27374 WINDOW=16384 RES=0x00 SYN URGP=0 
Jan 27 01:44:10 h0000b49d5510 kernel: Shorewall:net2all:DROP:IN=eth0
OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=172.184.41.62
DST=24.91.102.152 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=9489 DF PROTO=TCP
SPT=4030 DPT=27374 WINDOW=16384 RES=0x00 SYN URGP=0 
Jan 27 01:54:39 h0000b49d5510 kernel: Shorewall:net2all:DROP:IN=eth0
OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=217.128.124.165
DST=24.91.102.152 LEN=40 TOS=0x00 PREC=0x00 TTL=110 ID=25605 PROTO=TCP
SPT=220 DPT=6129 WINDOW=16384 RES=0x00 SYN URGP=0 
Jan 27 01:59:06 h0000b49d5510 kernel: Shorewall:net2all:DROP:IN=eth0
OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=211.59.106.120
DST=24.91.102.152 LEN=48 TOS=0x00 PREC=0x00 TTL=104 ID=15688 DF
PROTO=TCP SPT=3741 DPT=12345 WINDOW=64240 RES=0x00 SYN URGP=0 
Jan 27 01:59:09 h0000b49d5510 kernel: Shorewall:net2all:DROP:IN=eth0
OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=211.59.106.120
DST=24.91.102.152 LEN=48 TOS=0x00 PREC=0x00 TTL=104 ID=15789 DF
PROTO=TCP SPT=3741 DPT=12345 WINDOW=64240 RES=0x00 SYN URGP=0 
Jan 27 02:28:57 h0000b49d5510 kernel: Shorewall:net2all:DROP:IN=eth0
OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=62.234.42.191
DST=24.91.102.152 LEN=48 TOS=0x00 PREC=0x00 TTL=108 ID=23922 DF
PROTO=TCP SPT=1135 DPT=27374 WINDOW=64800 RES=0x00 SYN URGP=0 
Jan 27 02:31:18 h0000b49d5510 kernel: Shorewall:net2all:DROP:IN=eth0
OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=153.19.107.130
DST=24.91.102.152 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=56346 DF
PROTO=TCP SPT=10413 DPT=57 WINDOW=64240 RES=0x00 SYN URGP=0 
Jan 27 02:31:21 h0000b49d5510 kernel: Shorewall:net2all:DROP:IN=eth0
OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=153.19.107.130
DST=24.91.102.152 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=57405 DF
PROTO=TCP SPT=10413 DPT=57 WINDOW=64240 RES=0x00 SYN URGP=0 
Jan 27 02:31:27 h0000b49d5510 kernel: Shorewall:net2all:DROP:IN=eth0
OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=153.19.107.130
DST=24.91.102.152 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=59487 DF
PROTO=TCP SPT=10413 DPT=57 WINDOW=64240 RES=0x00 SYN URGP=0 
Jan 27 02:31:39 h0000b49d5510 kernel: Shorewall:net2all:DROP:IN=eth0
OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=153.19.107.130
DST=24.91.102.152 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=63119 DF
PROTO=TCP SPT=13609 DPT=1433 WINDOW=64240 RES=0x00 SYN URGP=0 
Jan 27 02:31:42 h0000b49d5510 kernel: Shorewall:net2all:DROP:IN=eth0
OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=153.19.107.130
DST=24.91.102.152 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=63941 DF
PROTO=TCP SPT=13609 DPT=1433 WINDOW=64240 RES=0x00 SYN URGP=0 
Jan 27 02:31:48 h0000b49d5510 kernel: Shorewall:net2all:DROP:IN=eth0
OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=153.19.107.130
DST=24.91.102.152 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=625 DF PROTO=TCP
SPT=13609 DPT=1433 WINDOW=64240 RES=0x00 SYN URGP=0 
Jan 27 02:39:51 h0000b49d5510 kernel: Shorewall:net2all:DROP:IN=eth0
OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=216.40.18.251
DST=24.91.102.152 LEN=840 TOS=0x00 PREC=0x00 TTL=109 ID=12360 PROTO=UDP
SPT=13583 DPT=1026 LEN=820 
Jan 27 02:40:17 h0000b49d5510 kernel: Shorewall:net2all:DROP:IN=eth0
OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=24.84.102.20
DST=24.91.102.152 LEN=40 TOS=0x00 PREC=0x00 TTL=106 ID=14861 PROTO=TCP
SPT=220 DPT=6129 WINDOW=16384 RES=0x00 SYN URGP=0 
Jan 27 02:40:56 h0000b49d5510 kernel: Shorewall:net2all:DROP:IN=eth0
OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=67.74.140.104
DST=24.91.102.152 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=34381 DF
PROTO=TCP SPT=2225 DPT=27374 WINDOW=8160 RES=0x00 SYN URGP=0 
Jan 27 02:49:02 h0000b49d5510 kernel: Shorewall:net2all:DROP:IN=eth0
OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=210.246.35.201
DST=24.91.102.152 LEN=48 TOS=0x00 PREC=0x00 TTL=105 ID=31533 DF
PROTO=TCP SPT=3445 DPT=27374 WINDOW=16384 RES=0x00 SYN URGP=0 
Jan 27 03:06:45 h0000b49d5510 kernel: Shorewall:net2all:DROP:IN=eth0
OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=217.140.254.252
DST=24.91.102.152 LEN=40 TOS=0x00 PREC=0x00 TTL=108 ID=3887 PROTO=TCP
SPT=220 DPT=6129 WINDOW=16384 RES=0x00 SYN URGP=0 
Jan 27 03:14:36 h0000b49d5510 kernel: Shorewall:badpkt:DROP:IN=eth0
OUTMAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=81.96.93.239
DST=24.91.102.152 LEN=805 TOS=0x10 PREC=0x00 TTL=103 ID=25268 DF
PROTO=TCP SPT=64856 DPT=1411 WINDOW=64135 RES=0x00 ACK PSH URGP=0 
Jan 27 03:27:57 h0000b49d5510 kernel: Shorewall:net2all:DROP:IN=eth0
OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=217.140.254.252
DST=24.91.102.152 LEN=40 TOS=0x00 PREC=0x00 TTL=108 ID=2528 PROTO=TCP
SPT=220 DPT=6129 WINDOW=16384 RES=0x00 SYN URGP=0 
Jan 27 03:54:38 h0000b49d5510 kernel: Shorewall:net2all:DROP:IN=eth0
OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=67.74.143.51
DST=24.91.102.152 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=54748 DF
PROTO=TCP SPT=4443 DPT=27374 WINDOW=8160 RES=0x00 SYN URGP=0 
Jan 27 04:02:02 h0000b49d5510 kernel: Shorewall:badpkt:DROP:IN=eth0
OUTMAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=81.96.93.239
DST=24.91.102.152 LEN=359 TOS=0x10 PREC=0x00 TTL=103 ID=23873 DF
PROTO=TCP SPT=64856 DPT=1411 WINDOW=63995 RES=0x00 ACK PSH URGP=0 
Jan 27 15:45:02 h0000b49d5510 kernel: Shorewall:net2all:DROP:IN=eth0
OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=68.62.66.90
DST=24.91.102.152 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=13308 DF
PROTO=TCP SPT=4614 DPT=17300 WINDOW=64240 RES=0x00 SYN URGP=0 
Jan 27 15:45:05 h0000b49d5510 kernel: Shorewall:net2all:DROP:IN=eth0
OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=68.62.66.90
DST=24.91.102.152 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=13629 DF
PROTO=TCP SPT=4614 DPT=17300 WINDOW=64240 RES=0x00 SYN URGP=0 
Jan 27 15:55:06 h0000b49d5510 kernel: Shorewall:net2all:DROP:IN=eth0
OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=67.154.74.210
DST=24.91.102.152 LEN=404 TOS=0x00 PREC=0x00 TTL=108 ID=24230 PROTO=UDP
SPT=4638 DPT=1434 LEN=384 
Jan 27 16:00:59 h0000b49d5510 kernel: Shorewall:net2all:DROP:IN=eth0
OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=68.75.88.89
DST=24.91.102.152 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=61606 DF
PROTO=TCP SPT=4645 DPT=27374 WINDOW=64170 RES=0x00 SYN URGP=0 
Jan 27 16:07:36 h0000b49d5510 kernel: Shorewall:badpkt:DROP:IN=eth0
OUTMAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=81.96.93.239
DST=24.91.102.152 LEN=254 TOS=0x10 PREC=0x00 TTL=103 ID=61383 DF
PROTO=TCP SPT=64762 DPT=1411 WINDOW=64002 RES=0x00 ACK PSH URGP=0 
Jan 27 16:09:58 h0000b49d5510 kernel: Shorewall:net2all:DROP:IN=eth0
OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=217.128.237.188
DST=24.91.102.152 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=26807 DF
PROTO=TCP SPT=1362 DPT=27374 WINDOW=16384 RES=0x00 SYN URGP=0 
Jan 27 16:12:30 h0000b49d5510 kernel: Shorewall:net2all:DROP:IN=eth0
OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=63.238.139.24
DST=24.91.102.152 LEN=40 TOS=0x00 PREC=0x00 TTL=113 ID=26707 PROTO=TCP
SPT=220 DPT=6129 WINDOW=16384 RES=0x00 SYN URGP=0 
Jan 27 16:12:41 h0000b49d5510 kernel: Shorewall:badpkt:DROP:IN=eth0
OUTMAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=81.96.93.239
DST=24.91.102.152 LEN=247 TOS=0x10 PREC=0x00 TTL=103 ID=20093 DF
PROTO=TCP SPT=64762 DPT=1411 WINDOW=63054 RES=0x00 ACK PSH URGP=0 
Jan 27 16:17:34 h0000b49d5510 kernel: Shorewall:net2all:DROP:IN=eth0
OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=200.146.58.43
DST=24.91.102.152 LEN=1313 TOS=0x00 PREC=0x00 TTL=98 ID=0 DF PROTO=UDP
SPT=777 DPT=1026 LEN=1293 
Jan 27 16:20:56 h0000b49d5510 kernel: Shorewall:net2all:DROP:IN=eth0
OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=66.227.203.122
DST=24.91.102.152 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=30000 DF
PROTO=TCP SPT=2888 DPT=27374 WINDOW=64240 RES=0x00 SYN URGP=0 
Jan 27 16:42:33 h0000b49d5510 kernel: Shorewall:net2all:DROP:IN=eth0
OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=66.52.249.70
DST=24.91.102.152 LEN=554 TOS=0x00 PREC=0x00 TTL=113 ID=52450 PROTO=UDP
SPT=666 DPT=1026 LEN=534 
Jan 27 16:44:53 h0000b49d5510 kernel: Shorewall:net2all:DROP:IN=eth0
OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=172.191.238.240
DST=24.91.102.152 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=27949 DF
PROTO=TCP SPT=3046 DPT=27374 WINDOW=16384 RES=0x00 SYN URGP=0 
Jan 27 16:53:03 h0000b49d5510 kernel: Shorewall:net2all:DROP:IN=eth0
OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=24.91.102.199
DST=24.91.102.152 LEN=30 TOS=0x00 PREC=0x00 TTL=127 ID=52117 PROTO=UDP
SPT=4668 DPT=5632 LEN=10 
Jan 27 16:53:35 h0000b49d5510 kernel: Shorewall:net2all:DROP:IN=eth0
OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=24.91.102.199
DST=24.91.102.152 LEN=30 TOS=0x00 PREC=0x00 TTL=127 ID=52606 PROTO=UDP
SPT=4676 DPT=5632 LEN=10 
Jan 27 16:57:33 h0000b49d5510 kernel: Shorewall:badpkt:DROP:IN=eth0
OUTMAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=81.96.93.239
DST=24.91.102.152 LEN=641 TOS=0x00 PREC=0x00 TTL=103 ID=12444 DF
PROTO=TCP SPT=64762 DPT=1411 WINDOW=63272 RES=0x00 ACK PSH URGP=0 
Jan 27 17:20:58 h0000b49d5510 kernel: Shorewall:net2all:DROP:IN=eth0
OUT= MAC=00:00:b4:9d:55:10:00:05:9a:d6:f0:54:08:00 SRC=216.33.152.219
DST=24.91.102.152 LEN=840 TOS=0x00 PREC=0x00 TTL=109 ID=16605 PROTO=UDP
SPT=25515 DPT=1026 LEN=820

Tom Eastep

2004-Jan-27 22:46 UTC

head link

Re: Shorewall help blacklist and restart/refresh

On Tuesday 27 January 2004 02:35 pm, silvamark wrote:> At the current time I am not subscribed to the mailing list.
>
> I have a blacklist that I got from www.peerguardian.net that is rather
> large ( 81 kb).
> When shorewall start command is issued it takes about 20 mins for it to
> load.
Patient: Doctor, it hurts like hell when I hit myself in the head with this 
hammer.

Doctor: Then don''t do it.
> Is this normal or should I do this another way?
You can generally speed up startup significantly by using a light-weight shell 
like ''ash'' -- see SHOREWALL_SHELL in your shorewall.conf file.
>
> Also I noticed something very strange with shorewall ..
> 	I have cron do a shorewall restart command every 24 hours and
> noticed in my logs that it says
> 	"Shorewall is not currently running" when it restarts ???
Then something is stopping Shorewall or the restart is dying in some ugly way 
that doesn''t transition to the "stopped" state (see 
http://www.shorewall.net/starting_and_stopping_shorewall.htm).
> 	Should I be doing a refresh?
I don''t understand why you want to restart shorewall every 24 hours in
the
first place so I don''t know if a refresh is preferable.
> 	It poses a problem for me because when It does stop my log fills
> up fast.
>
After you start Shorewall, what does "shorewall show shorewall" show
you?

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

Tom Eastep

2004-Feb-01 19:41 UTC

head link

RE: Shorewall help blacklist and restart/refresh

On Sun, 1 Feb 2004, silvamark wrote:
>
>
> Tom,
>
> Thanks again.
> There is no "Shorewall stopped" message anywhere in
/var/log/messages.
> I never input that command before ... but after your last reply
> I issued the command "Shorewall stop" then checked log ... there
it was.
> So now I''m checking all Cron files ...
> Should I stop Cron to see what happens with shorewall?
> Or is that not a good idea?
>
> I''m assuming that all my cron scripts are:
> 	/etc/cron.daily/makewhatis.cron
> 	/etc/cron.daily/logrotate
> 	/etc/cron.daily/00-logwatch
> 	/etc/cron.daily/slocate.cron
> 	/etc/cron.daily/rpm
> 	/etc/cron.daily/tmpwatch
> 	/etc/cron.daily/0anacron
> 	/etc/cron.daily/00webalizer
> 	/etc/cron.weekly/makewhatis.cron
> 	/etc/cron.weekly/0anacron
> 	/etc/cron.monthly/0anacron
> shown by Webmin Scheduled Cron Jobs module.
>
> So is my next step to analyze all of these to find the culprit?
> I''m not sure what to exactly look for?
>
I wouldn''t think that any of those are doing it. Note that there is
also
root''s crontab (which you can see using "crontab -e" as
root).

What distribution are you running?

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

Maybe Matching Threads

Search for more possibly parallel threads

Shorewall users - Jan 2004 - Shorewall help blacklist and restart/refresh

Shorewall help blacklist and restart/refresh

Re: Shorewall help blacklist and restart/refresh

RE: Shorewall help blacklist and restart/refresh

Maybe Matching Threads