If you've used a boxed firewall script, or you've rolled your own, and it
calls ipchains-save and ipchains-restore, this may be the cause. I'll admit
that I'm not too familiar with SuSE myself but with slack it calls two
scripts (it's been a while but I think they're called ip-up and ip-down)
that execute depending on the state of your connection -- this is assuming a
PPP (modem or sometimes xDSL) connection. Now, if your connection gets
dropped and ipchains-save gets called, all of your rules will be saved.
*BUT*, if your connection comes back up and ipchains-restore _AND_ your
firewall script are called, you will then have a duplicated firewall
ruleset. I don't know much about your setup, but I've witnessed this
phenomenon before (my own blunder). :)
Of course, if this happens over and over again throughout the night, it will
only grow exponentially.
Mike Fetherston
Network Administrator
ADIN / Sault Community Career Centre
----- Original Message -----
From: "Steffen Schmalbach" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, July 04, 2001 6:51 AM
Subject: Ipchains phenomenon
Hi all
I've got a SuSE Linux machine running with the 2.2.16 kernel.
There is a firewall running with ipchains and everything works fine
except one thing.
My rules seem to replicate themselves at night. Every morning I check
the list of rules, and
for a few days now I have had the phenomenon that there are many more rules
than needed. Not additional ones, but the same rules over and over again.
Normally there are about 40-50 rules but now there are about 500 rules!!
Does anybody know something about this??
Thanks
Steffen Schmalbach
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
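
The duplication described in the reply above can be confirmed from a saved ruleset. The following is an added example, not part of the original thread: the sample dump is constructed in the style of ipchains-save output, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Constructed sample in the style of ipchains-save output: three policy
# lines, then the same three rules present twice, as happens when both
# ipchains-restore and the firewall script load them.
sample_dump() {
cat <<'EOF'
:input DENY
:forward DENY
:output ACCEPT
-A input -s 0.0.0.0/0.0.0.0 -d 192.0.2.1/255.255.255.255 22:22 -p 6 -j ACCEPT
-A input -s 0.0.0.0/0.0.0.0 -d 192.0.2.1/255.255.255.255 25:25 -p 6 -j ACCEPT
-A input -s 10.0.0.0/255.0.0.0 -d 0.0.0.0/0.0.0.0 -j DENY
-A input -s 0.0.0.0/0.0.0.0 -d 192.0.2.1/255.255.255.255 22:22 -p 6 -j ACCEPT
-A input -s 0.0.0.0/0.0.0.0 -d 192.0.2.1/255.255.255.255 25:25 -p 6 -j ACCEPT
-A input -s 10.0.0.0/255.0.0.0 -d 0.0.0.0/0.0.0.0 -j DENY
EOF
}

# Print how many rule lines repeat an earlier, identical rule line.
count_duplicates() {
    awk '/^-A / { if (seen[$0]++) dup++ } END { print dup + 0 }'
}

# Print "<count> <rule>" for every rule present more than once,
# in the order the rule first appears.
report_duplicates() {
    awk '/^-A / { if (!n[$0]++) order[++k] = $0 }
         END { for (i = 1; i <= k; i++)
                   if (n[order[i]] > 1) print n[order[i]], order[i] }'
}

# Print the dump with each rule kept only at its first position.
# Policy lines (those not starting with "-A ") pass through unchanged.
dedupe_dump() {
    awk '!/^-A / || !seen[$0]++'
}

# Show the repeated rules in the constructed sample.
sample_dump | report_duplicates
```

On a live system the input would be the saved output of ipchains-save instead of `sample_dump`; a duplicate count that grows from one morning to the next matches the reconnect behaviour described above.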