On 08/15/2012 07:56 AM, Tom Eastep wrote:

>>
>> Why in the world would someone keep sending me these, over and over:
>>
>> [34319.426452] Shorewall:Invalid:DROP:IN=wlan0 OUT= 
>> MAC=30:14:2d:77:6e:e4:00:24:b2:5a:1d:5c:08:00 SRC=69.171.228.70 
>> DST=192.168.1.1 LEN=86 TOS=0x00 PREC=0x20 TTL=242 ID=46354 DF PROTO=TCP 
>> SPT=80 DPT=56842 WINDOW=0 RES=0x00 ACK RST URGP=0
>> [34472.030639] Shorewall:Invalid:DROP:IN=wlan0 OUT= 
>> MAC=30:14:2d:77:6e:e4:00:24:b2:5a:1d:5c:08:00 SRC=98.142.98.180 
>> DST=192.168.1.1 LEN=1500 TOS=0x00 PREC=0x20 TTL=56 ID=35426 DF PROTO=TCP 
>> SPT=80 DPT=58076 WINDOW=54 RES=0x00 ACK URGP=0
>> ... and how in the world are these getting through three wifi routers in a 
>> chain to the destination machine, each with a firewall?
>
> Do yourself a favor and remove the logging specification from your
> DROP(Invalid) rule. Those are probably late-arriving RSTs from
> connections which have already been closed. They are nothing to worry about.

As an alternative to removing the logging, you can disable netfilter 
window tracking by placing this in /etc/shorewall/init:

        echo 1 > /proc/sys/net/netfilter/nf_conntrack_tcp_be_liberal

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
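As an added example, not part of the thread or of Shorewall itself: a small Python triage script that parses netfilter/Shorewall log lines of the kind quoted above, splits out the TCP flag bits, and separates the benign "late packet from an already-closed web connection" pattern (ACK set, SYN clear, source port 80/443, ephemeral destination port) from entries worth a closer look. The classification rule, the sample lines and the `read_be_liberal` helper are my own assumptions, not anything Shorewall provides; the sysctl path is the one named in the reply.

```python
import re
from collections import Counter

# Constructed sample log, in the same netfilter/Shorewall format as the thread.
# The first two lines mirror the quoted ones; the third is an invented SYN to port 22.
SAMPLE_LOG = """\
[34319.426452] Shorewall:Invalid:DROP:IN=wlan0 OUT= MAC=30:14:2d:77:6e:e4:00:24:b2:5a:1d:5c:08:00 SRC=69.171.228.70 DST=192.168.1.1 LEN=86 TOS=0x00 PREC=0x20 TTL=242 ID=46354 DF PROTO=TCP SPT=80 DPT=56842 WINDOW=0 RES=0x00 ACK RST URGP=0
[34472.030639] Shorewall:Invalid:DROP:IN=wlan0 OUT= MAC=30:14:2d:77:6e:e4:00:24:b2:5a:1d:5c:08:00 SRC=98.142.98.180 DST=192.168.1.1 LEN=1500 TOS=0x00 PREC=0x20 TTL=56 ID=35426 DF PROTO=TCP SPT=80 DPT=58076 WINDOW=54 RES=0x00 ACK URGP=0
[34500.000000] Shorewall:Invalid:DROP:IN=wlan0 OUT= MAC=30:14:2d:77:6e:e4:00:24:b2:5a:1d:5c:08:00 SRC=203.0.113.9 DST=192.168.1.1 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=1 PROTO=TCP SPT=54321 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
"""

TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}
SERVER_PORTS = {80, 443}  # assumption: ports whose late replies we treat as benign

PREFIX_RE = re.compile(
    r"^\[\s*(?P<ts>[\d.]+)\]\s+Shorewall:(?P<chain>[^:]+):(?P<action>[^:]+):(?P<rest>.*)$"
)
KV_RE = re.compile(r"([A-Z]+)=(\S*)")


def parse_line(line):
    """Parse one Shorewall log line into a dict; return None for non-matching lines."""
    m = PREFIX_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    fields = dict(KV_RE.findall(rest))  # KEY=value pairs (OUT= yields an empty value)
    # Bare tokens carry the DF bit and the TCP flag bits (ACK, RST, SYN, ...).
    bare = {tok for tok in rest.split() if "=" not in tok}
    rec = {
        "ts": float(m.group("ts")),
        "chain": m.group("chain"),
        "action": m.group("action"),
        "fields": fields,
        "flags": bare & TCP_FLAGS,
        "df": "DF" in bare,
    }
    for port in ("SPT", "DPT"):
        if port in fields:
            rec[port] = int(fields[port])
    return rec


def classify(rec):
    """'stray-reply' for a late ACK/RST from a web server to an ephemeral port, else 'review'."""
    if rec["fields"].get("PROTO") != "TCP":
        return "review"
    flags = rec["flags"]
    if (
        "ACK" in flags
        and "SYN" not in flags
        and rec.get("SPT") in SERVER_PORTS
        and rec.get("DPT", 0) >= 1024
    ):
        return "stray-reply"
    return "review"


def summarize(text):
    """Count (source address, classification) pairs across a block of log text."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is not None:
            counts[(rec["fields"].get("SRC"), classify(rec))] += 1
    return counts


def read_be_liberal(path="/proc/sys/net/netfilter/nf_conntrack_tcp_be_liberal"):
    """Return the current nf_conntrack_tcp_be_liberal value, or None if unreadable."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None


if __name__ == "__main__":
    for (src, kind), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{src:16} {kind:12} {n}")
    print("nf_conntrack_tcp_be_liberal:", read_be_liberal())
```

Run it against `dmesg` or `/var/log/messages` output piped into `summarize`; anything counted as `review` is what still deserves attention once the stray RSTs have been filtered out, and `read_be_liberal` lets you confirm the sysctl from the reply actually took effect after Shorewall started.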

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users