thr3ads.net - Shorewall users - Closing FW prior to network initialization [Jan 2014]

If this information is useful, please help other people find it:
Share via:

Øyvind Lode

2014-Jan-06 16:27 UTC

Closing FW prior to network initialization

Hi:

I configured shorewall-init on my debian fw to avoid messages like this:

____________________________

Jan  6 17:08:54 munin Shorewall:net2fw:DROP: IN=eth0 OUT= MAC=48:5b:39:ac:1b:5e:
00:12:da:a4:14:bf:08:00 SRC=213.162.248.20 DST=81.166.42.2 LEN=76 TOS=00 PREC=0x
00 TTL=56 ID=0 DF PROTO=UDP SPT=439 DPT=123 LEN=56 MARK=0
Jan  6 17:08:58 munin Shorewall:net2fw:DROP: IN=eth0 OUT= MAC=48:5b:39:ac:1b:5e:
00:12:da:a4:14:bf:08:00 SRC=193.212.132.34 DST=81.166.42.2 LEN=76 TOS=00 PREC=0x
00 TTL=114 ID=26939 PROTO=UDP SPT=23009 DPT=123 LEN=56 MARK=0
Jan  6 17:09:00 munin Shorewall:net2fw:DROP: IN=eth0 OUT= MAC=48:5b:39:ac:1b:5e:
00:12:da:a4:14:bf:08:00 SRC=88.84.190.34 DST=81.166.42.2 LEN=76 TOS=00 PREC=0x00
TTL=116 ID=33107 PROTO=UDP SPT=227 DPT=123 LEN=56 MARK=0
Jan  6 17:09:14 munin Shorewall:net2fw:DROP: IN=eth0 OUT= MAC=48:5b:39:ac:1b:5e:
00:12:da:a4:14:bf:08:00 SRC=193.212.132.34 DST=81.166.42.2 LEN=76 TOS=00 PREC=0x
00 TTL=114 ID=27111 PROTO=UDP SPT=23009 DPT=123 LEN=56 MARK=0 

____________________________

I have a public ntp server running on a box behind the fw.

Tom (Eastep) recommended me to configure shorewall-init to get rid of these log
entries.

I installed shorewall-init and configured it to close the fw prior to network
with:

PRODUCTS="shorewall"

In /etc/default/shorewall-init

As I understand it this should be sufficient to close the fw before bringing up
networking.

But I see the above messages in the log when I reboot.

Flushing the connection tracking table is the only solution by running
'conntrack -F'.

But when I reboot the fw similar entries reappear in my fw logs and I have to
run conntrack -F manually.

How can I prevent these entries cluttering my log?

Shorewall 4.5.21.5 on debian sid running linux 3.12.6

Please let me know if you need additional info about my config to help me solve
this problem.

Thanks

------------------------------------------------------------------------------
Rapidly troubleshoot problems before they affect your business. Most IT 
organizations don't have a clear picture of how application performance 
affects their revenue. With AppDynamics, you get 100% visibility into your 
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics
Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk

Shorewall users - Jan 2014 - Closing FW prior to network initialization

Closing FW prior to network initialization