Think I found the issue - not shorewall.
http://bugs.centos.org/view.php?id=5231
On 12/12/2011 9:51 AM, Alan Madill wrote:> I don''t know if this is a Shorewall issue or not. We have a newly
built router
> with multiple vlans, dual isp. Twice now we have seen the network slow to
a
> crawl with ping times of 500ms to the next device on one of the ISP
vlan''s. A
> reboot clears the problem. This is in the logs just prior to the reboot.
I
> just upgraded the selinux_policy and I''ll wait to see if it
happens again.
>
> Dec 12 08:38:41 wanrouter kernel: __ratelimit: 10 callbacks suppressed
> Dec 12 08:38:41 wanrouter kernel: type=1400 audit(1323707921.637:68370):
avc:
> denied { sys_module } for pid=24399 comm="ip" capa
> bility=16 scontext=system_u:system_r:ifconfig_t:s0-s0:c0.c1023
> tcontext=system_u:system_r:ifconfig_t:s0-s0:c0.c1023 tclass=capabil
> ity
>
> Any suggestions as to which tree to bark up?
>
>
------------------------------------------------------------------------------
> Learn Windows Azure Live! Tuesday, Dec 13, 2011
> Microsoft is holding a special Learn Windows Azure training event for
> developers. It will provide a great way to learn Windows Azure and what it
> provides. You can attend the event by watching it streamed LIVE online.
> Learn more at http://p.sf.net/sfu/ms-windowsazure
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>
------------------------------------------------------------------------------
Learn Windows Azure Live! Tuesday, Dec 13, 2011
Microsoft is holding a special Learn Windows Azure training event for
developers. It will provide a great way to learn Windows Azure and what it
provides. You can attend the event by watching it streamed LIVE online.
Learn more at http://p.sf.net/sfu/ms-windowsazure