On Fri, 2011-09-02 at 16:21 +0300, Liutauras Adomaitis wrote: > On Fri, Sep 2, 2011 at 4:00 PM, Tom Eastep <[email protected]> wrote: > > On Fri, 2011-09-02 at 13:10 +0300, Liutauras Adomaitis wrote: > > > >> I've been using it for a years, but only now I stepped on the strange > >> problem: > >> the rule is > >> ACCEPT:info all fw tcp 22 > >> Primitive, however I get logs for each packet and expectation is that > >> i get logs only for every incoming connection, syn packet. > >> I've been using Mandriva and I guess distribution has made some rules, > >> macros and this line was working as I expected, however now on Fedora > >> 13 it just logs every packet. > >> > >> Any ideas? > > > > Did you inadvertently place the rule in the ESTABLISHED section of the > > rules file rather than in the NEW section? > > > > -Tom > > -- > > Just double checked - no. Here is my rules file: > #SECTION ESTABLISHED > #SECTION RELATED > SECTION NEW > ACCEPT all $FW tcp 22 - # SSH > > Can this be related to the fact that I'm running virtual machine based > on OpenVZ. I just got it from my hosting provider. I am not familiar > with such type of virtualization. Can this be related? >
Yes. Another user has reported that iptables/Netfilter is broken when running in an OpenVZ container. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------------ Special Offer -- Download ArcSight Logger for FREE! Finally, a world-class log management solution at an even better price-free! And you'll get a free "Love Thy Logs" t-shirt when you download Logger. Secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsisghtdev2dev
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
