Re: [Shorewall-users] DROP and COUNT with PROTO=255

Wed, 07 Jun 2017 14:49:30 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 06/05/2017 11:44 PM, Vieri Di Paola via Shorewall-users wrote:
> Hi,
> 
> My last Shorewall rule is DROP with logging options (:info:polbl).
> It's a custom DROP action identical to the upstream version, except
> it includes the SRC IP addr. in an ipset.
> 
> I usually get messages in the log such as Shorewall:polbl:DROP... 
> However, I sometimes get messages such as the one below:
> 
> Jun  5 16:47:51 kernel: Shorewall:polbl:COUNT:IN=enp9s5 OUT=
> MAC=00:0d:88:cd:7f:c5:00:13:f7:23:ef:b4:08:00 SRC=1.2.3.4
> DST=192.168.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=124 ID=10689
> PROTO=255 MARK=0x2
> 

- From your most recent dump:

Chain DROPBL (24 references)
 pkts bytes target     prot opt in     out     source
destination
    4  1667 LOG        all  --  *      *       0.0.0.0/0
0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:polbl:COUNT:"
    0     0 ~log640    icmp --  *      *       0.0.0.0/0
0.0.0.0/0           [goto]  icmptype 3 code 4 /* Needed ICMP types */

> What is the reason for which the packet was DROPped? What does
> COUNT mean exactly, especially with PROTO=255?

That rule doesn't indicate that the packet is being dropped -- it
simply means that it is being logged and counted.

- -Tom
- -- 
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJZOHO4AAoJEJbms/JCOk0QgPoQAKpdXbyBI+Sic7Q9BaZ9HSU8
T2n3qI/A+1gBA7nmA2WV4FKoKitLaCwwb1lItJEzCMn5PXhv+IdijGsuqZI+Su+C
lKe2zW3O8tHCjMu1FUfSl/cWiDq0tltPNqNjWaz5LRuPaKPk5oEntCqMnGTTsZ2J
HqaDY8htyYi/Ls6yta54NAjfK9QCwQBRJFWIWhUoi02uk+qncbEJu5XVZTiSa6Yu
x0C/Bu0BzF238Gav/6Gwd9qf9aMy4a0/X/vhxvwlNFyFpiaETi3Q5Ux7XmJy51p8
aYgU14QxGGQ6v8L0e0+w5KxRoBw9o2uFJeu55SEg1iHoFVGLC6DIVisrx6nPZPwG
4DjKtQFFAG+bhJFLpK5e9KCkctQE56VCW/ERIpQb0ZnsL5wTA0KxBd/HmAInI6Z1
Kq33Ji+Ntn92067dSloy4ENEMvJhsOK5i+EwS2Vl0ckj9S0yZj1QUT5eVkJ0wEPy
pVaXpo5SpnHRbozHJWipNuzjKbK8m0HS3L5pkZSh9RYN+oy9blN0aHZ7l06zXCSX
3VfqpSo4pL/mjEjqP7sTcI1eETRyt4vTDZLeuN5yXmx7ZZxsC3t1wRlIscoLUHJo
A0F9lazraxDJ+S0DqS7QSXXeuY9wdpvQrRzZgquxKZw6w6ufUKs8jCAzQtTaddL8
CER2+ovcJddpT3IIGpXX
=G6FS
-----END PGP SIGNATURE-----

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to