On Thu, 26 Oct 2023 22:01:19 - (UTC), Christophe PEREZ wrote:
> Do I need to add ":$LOG_LEVEL" as:
> REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP),dropInvalid:$LOG_LEVEL"
> ?
No better:
Oct 27 02:19:26 myserver kernel: [1647881.795002] fw-net DROP IN= OUT=eth0
SRC=myserverip
On Thu, 26 Oct 2023 19:20:06 - (UTC), Christophe PEREZ wrote:
> I'll see how the logs evolve from now on.
I still have them:
Oct 26 21:47:33 myserver kernel: [1631569.333297] fw-net REJECT IN=
OUT=eth0 SRC=myserverip DST=oneclientip LEN=1500 TOS=0x00 PREC=0x00 TTL=64
ID=9856 DF
On Thu, 26 Oct 2023 21:00:41 +0300, Tuomo Soini wrote:
> Those are replies to clients which have actually already gone. So
> completely normal. While your web server has been processing the request,
> the client has gone and so netfilter has already closed the connection.
I understand much better. It
On Thu, 26 Oct 2023 04:17:39 - (UTC)
Christophe PEREZ wrote:
> Oct 26 03:57:04 myserver kernel: [1567341.969608] fw-net REJECT IN=
> OUT=eth0 SRC=myipserver DST=oneclientip LEN=40 TOS=0x00 PREC=0x00
> TTL=64 ID=0 DF PROTO=TCP SPT=443 DPT=37615 WINDOW=0 RES=0x00 RST
> URGP=0
Those are
Hi,
>
>> Some comments:
>> (1) It's recommended to use HTTP(ACCEPT) and HTTPS(ACCEPT) rather than
>> Web(ACCEPT) which just combines the two.
>
> I don't understand why Web exists then, if it is not recommended to use it.
> I replaced Web with HTTP and HTTPS lines, and of course, nothing changed.
>
I guess
I don't know nearly everything about Shorewall or iptables. I notice
however that using a sub-zone definition sshok:net is a bit unusual, and
it's also unusual to have CONTINUE in policy. Maybe there are good reasons
but I have a relatively complex installation and I haven't used nor seen
either
First, thanks for your answer.
On Thu, 26 Oct 2023 09:10:33 +0100, Norman and Audrey Henderson wrote:
> Hi, the one message you included is a normal response message from your
> web server to the client. The client (some random user on the Internet)
> has made a request with destination port
Hi, the one message you included is a normal response message from your web
server to the client. The client (some random user on the Internet) has
made a request with destination port 443 and a random source port, 37615.
Apache replied with source port 443 and destination port 37615, that is
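As an added illustration (not code from this thread, nor from Shorewall or netfilter): a small Python parser for netfilter log lines of the kind quoted above. It splits each line into chain, verdict, key=value fields and bare flag tokens, then separates outbound RST/ACK packets sent from a local service port, which Tuomo and Norman explain are late replies to connections conntrack has already closed, from genuinely new inbound connection attempts. The sample lines are constructed (modelled on the ones in the thread, with RFC 5737 documentation addresses), and the "chain verdict" log prefix, the port set in LOCAL_SERVICE_PORTS and the category names are assumptions made for the example.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Set

# Constructed sample log lines, modelled on the ones quoted in this thread.
# Addresses come from the RFC 5737 documentation ranges, not real hosts.
SAMPLE_LOG = """\
Oct 26 03:57:04 myserver kernel: [1567341.969608] fw-net REJECT IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=443 DPT=37615 WINDOW=0 RES=0x00 RST URGP=0
Oct 26 21:47:33 myserver kernel: [1631569.333297] fw-net REJECT IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=9856 DF PROTO=TCP SPT=443 DPT=37615 WINDOW=501 RES=0x00 ACK URGP=0
Oct 27 02:19:26 myserver kernel: [1647881.795002] net-fw DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=54321 PROTO=TCP SPT=40000 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
"""

# Text between the kernel timestamp and the first IN= token.  Assumption:
# the LOGFORMAT in use writes it as "<chain> <verdict>", as in the lines above.
PREFIX_RE = re.compile(r"kernel: \[\s*\d+\.\d+\]\s+(?P<prefix>.*?)\s+(?=IN=)")

# Tokens netfilter logs without a value: IP header bits and TCP flags.
FLAG_TOKENS = {"DF", "MF", "CE", "SYN", "ACK", "RST", "FIN", "PSH", "URG", "ECE", "CWR"}

# Assumption: the ports this host actually serves (HTTP/HTTPS, as in the thread).
LOCAL_SERVICE_PORTS = {80, 443}


@dataclass
class LogRecord:
    chain: str
    verdict: str
    fields: Dict[str, str]   # key=value tokens, e.g. {"SPT": "443", "IN": ""}
    flags: Set[str]          # bare tokens, e.g. {"DF", "RST"}


def parse_line(line: str) -> LogRecord:
    """Split one netfilter log line into chain/verdict, fields and flags."""
    m = PREFIX_RE.search(line)
    if not m:
        raise ValueError(f"not a netfilter log line: {line!r}")
    chain, _, verdict = m.group("prefix").rpartition(" ")
    fields: Dict[str, str] = {}
    flags: Set[str] = set()
    for tok in line[m.end():].split():
        key, sep, value = tok.partition("=")
        if sep:                       # "IN=" yields key "IN", value ""
            fields[key] = value
        elif tok in FLAG_TOKENS:
            flags.add(tok)
    return LogRecord(chain, verdict, fields, flags)


def classify(rec: LogRecord) -> str:
    """Name the traffic pattern a logged packet belongs to."""
    f, flags = rec.fields, rec.flags
    if f.get("PROTO") != "TCP":
        return "other"
    spt = int(f.get("SPT", "0"))
    outbound = bool(f.get("OUT")) and not f.get("IN")
    inbound = bool(f.get("IN")) and not f.get("OUT")
    # Our own server answering (RST, or a data segment carrying ACK) from a
    # service port, with no SYN: a reply to a connection conntrack has already
    # closed, as Tuomo describes above.  Expected noise, not a broken rule.
    if outbound and spt in LOCAL_SERVICE_PORTS and "SYN" not in flags:
        return "late-reply"
    # A fresh connection attempt from the Internet that matched no ACCEPT rule.
    if inbound and "SYN" in flags and "ACK" not in flags:
        return "new-inbound"
    return "other"


def summarize(log_text: str) -> Counter:
    """Count lines per category; lines that are not netfilter logs are skipped."""
    counts: Counter = Counter()
    for line in log_text.splitlines():
        if "IN=" in line:
            counts[classify(parse_line(line))] += 1
    return counts


if __name__ == "__main__":
    for raw in SAMPLE_LOG.splitlines():
        rec = parse_line(raw)
        print(rec.chain, rec.verdict, rec.fields.get("SRC"), sorted(rec.flags), classify(rec))
    print(dict(summarize(SAMPLE_LOG)))
```

Run against a real syslog, the summary shows at a glance how much of the fw-net REJECT noise is of the late-reply kind; anything classified as "other" on the outbound side (for example a SYN leaving from a non-service port) is what deserves a closer look.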