I have noticed that whenever we reboot the machine, there are a lot of
"rejects" in the log, which is surprising since our rules allow this
traffic. However, once I execute shorewall restart, the rejects stop. This
is repeatable.

Partial output from grep Shorewall /var/log/syslog which I ran just before
sending this email is below. What would be the best way to track this down?

Jul 2 06:19:46 omega kernel: Shorewall:OUTPUT:REJECT:IN= OUT=eth0 SRC=192.168.1.1 DST=192.168.1.255 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=80 DF PROTO=UDP SPT=520 DPT=520 LEN=32
Jul 2 06:19:54 omega kernel: Shorewall:OUTPUT:REJECT:IN= OUT=eth0 SRC=192.168.1.1 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=81 DF PROTO=UDP SPT=520 DPT=520 LEN=52
Jul 2 06:20:07 omega kernel: Shorewall:OUTPUT:REJECT:IN= OUT=eth0 SRC=192.168.1.1 DST=192.168.1.255 LEN=147 TOS=0x00 PREC=0x00 TTL=64 ID=109 DF PROTO=UDP SPT=631 DPT=631 LEN=127
Jul 2 06:20:07 omega kernel: Shorewall:OUTPUT:REJECT:IN= OUT=eth0 SRC=192.168.1.1 DST=192.168.1.255 LEN=147 TOS=0x00 PREC=0x00 TTL=64 ID=111 DF PROTO=UDP SPT=631 DPT=631 LEN=127
Jul 2 06:20:57 omega logger: Shorewall Restarted
[root@omega omega13]#

-- 
Robin Lynn Frank
Director of Operations
Paradigm-Omega, LLC
=====================
Civilization, as we know it, will end sometime this evening.
See SYSNOTE tomorrow for more information.

Robin Lynn Frank wrote:
> I have noticed that whenever we reboot the machine, there are a lot of
> "rejects" in the log, which is surprising since our rules allow this
> traffic. However, once I execute shorewall restart, the rejects stop. This
> is repeatable.
>
> Partial output from grep Shorewall /var/log/syslog which I ran just before
> sending this email is below. What would be the best way to track this down?
>

Compare the output of "shorewall status" before the restart and after.

If you are running Shorewall 2.0.1 or later and have done a "shorewall
save", it may be that your restore file (/var/lib/shorewall/restore) is
out of date. If that is the case then another "shorewall save" now (assuming
that Shorewall is currently running normally) will correct the problem.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

On Friday 02 July 2004 09:04, Tom Eastep wrote:
> If you are running Shorewall 2.0.1 or later and have done a "shorewall
> save", it may be that your restore file (/var/lib/shorewall/restore) is
> out of date.

That was the problem. Thanks. I guess your tagline is accurate. :-(

-- 
Robin Lynn Frank
Director of Operations
Paradigm-Omega, LLC
=====================
And on the eighth day, we bulldozed it.
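
Added example, not part of the original thread: a shell function that groups the Shorewall REJECT entries from a syslog excerpt by chain, protocol and destination, split at the "Shorewall Restarted" marker, so it is visible which flows the boot-time ruleset rejected and whether any persist after the restart. The names reject_summary and sample_log and the single-boot assumption are illustrative; the sample lines are the ones quoted in the first message.

```shell
#!/bin/sh
# Added example (not from the thread): bucket Shorewall REJECT log entries
# by whether they were logged before or after "Shorewall Restarted".

# Log lines copied from the first message in this thread.
sample_log() {
    cat <<'EOF'
Jul 2 06:19:46 omega kernel: Shorewall:OUTPUT:REJECT:IN= OUT=eth0 SRC=192.168.1.1 DST=192.168.1.255 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=80 DF PROTO=UDP SPT=520 DPT=520 LEN=32
Jul 2 06:19:54 omega kernel: Shorewall:OUTPUT:REJECT:IN= OUT=eth0 SRC=192.168.1.1 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=81 DF PROTO=UDP SPT=520 DPT=520 LEN=52
Jul 2 06:20:07 omega kernel: Shorewall:OUTPUT:REJECT:IN= OUT=eth0 SRC=192.168.1.1 DST=192.168.1.255 LEN=147 TOS=0x00 PREC=0x00 TTL=64 ID=109 DF PROTO=UDP SPT=631 DPT=631 LEN=127
Jul 2 06:20:07 omega kernel: Shorewall:OUTPUT:REJECT:IN= OUT=eth0 SRC=192.168.1.1 DST=192.168.1.255 LEN=147 TOS=0x00 PREC=0x00 TTL=64 ID=111 DF PROTO=UDP SPT=631 DPT=631 LEN=127
Jul 2 06:20:57 omega logger: Shorewall Restarted
EOF
}

# reject_summary [FILE...]   (reads stdin when no file is given)
# Output, one line per flow: <phase> <count> <chain> <proto> <dst>:<dpt>
# Assumption: the input covers a single boot, so the first restart marker
# is the boundary between the boot-time ruleset and the restarted one.
reject_summary() {
    awk '
    BEGIN { phase = "before" }
    / logger: Shorewall Restarted/ { phase = "after"; next }
    / kernel: Shorewall:[^:]*:REJECT:/ {
        chain = "?"; proto = "?"; dst = "?"; dpt = "-"
        for (i = 1; i <= NF; i++) {
            # The log prefix has the form Shorewall:<chain>:<disposition>:
            if ($i ~ /^Shorewall:/)  { split($i, p, ":"); chain = p[2] }
            else if ($i ~ /^DST=/)   dst = substr($i, 5)
            else if ($i ~ /^PROTO=/) proto = substr($i, 7)
            else if ($i ~ /^DPT=/)   dpt = substr($i, 5)
        }
        count[phase " " chain " " proto " " dst ":" dpt]++
    }
    END {
        for (k in count) { split(k, f, " "); print f[1], count[k], f[2], f[3], f[4] }
    }' "$@" | sort
}

# Summarise the excerpt from the thread.
sample_log | reject_summary
```

Any "after" line in the output means the restart did not clear that reject; flows that appear only under "before" are the ones to look for when comparing "shorewall status" across the restart.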