Re: [Shorewall-users] Closing FW prior to network initialization

Tom Eastep Tue, 07 Jan 2014 08:40:31 -0800

On 1/6/2014 1:24 PM, Øyvind Lode wrote:
> Yes:
> 
> Jan  6 17:03:24 munin logger: Shorewall Stopped
> 
> Jan  6 17:04:12 munin kernel: [    1.029009] r8169 0000:02:00.0 eth0: 
> RTL8168d/8
> 111d at 0xffffc90000378000, 48:5b:39:ac:1b:5e, XID 083000c0 IRQ 42
> Jan  6 17:04:12 munin kernel: [    1.029022] r8169 0000:02:00.0 eth0: jumbo 
> feat
> ures [frames: 9200 bytes, tx checksumming: ko]
> Jan  6 17:04:12 munin kernel: [    1.510458] e1000 0000:01:00.0 eth1: 
> (PCI:33MHz
> :32-bit) 00:1b:21:3a:82:66
> Jan  6 17:04:12 munin kernel: [    1.510475] e1000 0000:01:00.0 eth1: 
> Intel(R) P
> RO/1000 Network Connection
> Jan  6 17:04:12 munin kernel: [    9.201315] r8169 0000:02:00.0 eth0: link 
> down
> Jan  6 17:04:12 munin kernel: [    9.201351] r8169 0000:02:00.0 eth0: link 
> down
> Jan  6 17:04:12 munin kernel: [    9.201379] IPv6: ADDRCONF(NETDEV_UP): eth0: 
> li
> nk is not ready
> Jan  6 17:04:12 munin kernel: [   10.841359] r8169 0000:02:00.0 eth0: link up
> Jan  6 17:04:12 munin kernel: [   10.841376] IPv6: ADDRCONF(NETDEV_CHANGE): 
> eth0
> : link becomes ready
> Jan  6 17:04:12 munin kernel: [   13.125508] IPv6: ADDRCONF(NETDEV_UP): eth1: 
> li
> nk is not ready
> Jan  6 17:04:12 munin kernel: [   13.149753] e1000: eth1 NIC Link is Up 1000 
> Mbp
> s Full Duplex, Flow Control: RX/TX
> Jan  6 17:04:12 munin kernel: [   13.149911] IPv6: ADDRCONF(NETDEV_CHANGE): 
> eth1


Øyvind,

Try placing this entry in /etc/shorewall/stoppedrules:

        NOTRACK    eth0 - udp   123

That should insure that UDP 123 requests that arrive before the firewall
is started will not create conntrack entries.

Thanks,
-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Rapidly troubleshoot problems before they affect your business. Most IT 
organizations don't have a clear picture of how application performance 
affects their revenue. With AppDynamics, you get 100% visibility into your 
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Re: [Shorewall-users] Closing FW prior to network initialization

Reply via email to