> > -----Original Message-----
> >
> > So I could remove the LOG rules just by adding any valid net->fw rule
> > even if it is a DROP or REJECT rule that is redundant with a policy?
>
> That would be my guess.

Tom,

Yes, replacing the LOG rules...

#
# HTTPS fw to net was fixed by adding these two rules.  If the NETin rule
# is commented out, HTTPS from fw to net will be broken.
LOG:$LOG:NETout $FW net tcp - - - - -
LOG:$LOG:NETin net all tcp - - - - -
#

With...

#
# Workaround: fw->net will not work without this:
#
DROP net $FW icmp 8 - - - -
#

Does the trick.

Thank you for all you do to help. Shorewall is the only firewall I've ever used... and it is on quite a few systems I run at work and at home, so your efforts are greatly appreciated.

---
Kevin R. Bulgrien
Design and Development Engineer
VertexRSI
