Hi,

By default, Shorewall sets tcpflags to 1 for each interface, i.e. it checks for invalid combinations of TCP flags.

Recently, I saw the following DROP lines in my log:

Shorewall:logflags:DROP:IN=enp10s0 OUT=enp7s0f2 MAC=30:85:a9:8e:b9:a0:00:50:60:80:6a:ba:08:00 SRC=10.215.144.98 DST=10.215.219.228 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=9197 PROTO=TCP SPT=5555 DPT=3230 WINDOW=0 RES=0x00 RST FIN URGP=0

TCP/3230 is used for video conferencing, and it should be allowed according to my rules. I could set tcpflags=0 for interface enp7s0f2, but I'd rather not.

Is there a way to "force-ACCEPT", or to disable tcpflag checking on a per-rule basis?

Vieri

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
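
Added example (not part of the original post, and not Shorewall's own code): a small triage helper that parses the logflags entry quoted above and reports which flag check it trips, using iptables --tcp-flags semantics (match when flags AND mask equals the compare set). The CHECKS list and the function names are assumptions made for illustration, not values read from a Shorewall installation.

```python
import re

# Log entry copied from the post above.
LOG = ("Shorewall:logflags:DROP:IN=enp10s0 OUT=enp7s0f2 "
       "MAC=30:85:a9:8e:b9:a0:00:50:60:80:6a:ba:08:00 SRC=10.215.144.98 "
       "DST=10.215.219.228 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=9197 PROTO=TCP "
       "SPT=5555 DPT=3230 WINDOW=0 RES=0x00 RST FIN URGP=0")

# The six flags covered by the iptables keyword ALL.
ALL = {"FIN", "SYN", "RST", "PSH", "ACK", "URG"}

# Assumed (mask, compare) pairs describing invalid flag combinations.
CHECKS = [
    (ALL, {"FIN", "URG", "PSH"}),             # "Xmas"-style packet
    (ALL, set()),                             # no flags at all
    ({"SYN", "RST"}, {"SYN", "RST"}),
    ({"FIN", "RST"}, {"FIN", "RST"}),
    ({"SYN", "FIN"}, {"SYN", "FIN"}),
    ({"ACK", "PSH", "FIN"}, {"PSH", "FIN"}),  # PSH+FIN without ACK
]

def parse(line):
    """Return the key=value fields and the set of TCP flags in a LOG line."""
    fields = dict(re.findall(r"(\w+)=(\S*)", line))
    # The kernel prints flags as bare tokens between RES= and URGP=.
    m = re.search(r"RES=\S+\s+(.*?)\s*URGP=", line)
    flags = set(m.group(1).split()) & ALL if m else set()
    return fields, flags

def matched_checks(flags):
    """List every (mask, compare) pair for which flags & mask == compare."""
    return [(sorted(mask), sorted(comp)) for mask, comp in CHECKS
            if flags & mask == comp]

def triage(line):
    """Summarise one logflags entry for review."""
    fields, flags = parse(line)
    return {"src": fields["SRC"], "dst": fields["DST"],
            "dpt": int(fields["DPT"]), "flags": sorted(flags),
            "matched": matched_checks(flags)}

if __name__ == "__main__":
    print(triage(LOG))
```

For the entry in the post, the only pair that matches is FIN,RST: the packet carries both RST and FIN.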