>
> >         Feb  5 16:42:38 home kernel: net-fw DROP IN=eth0 OUT=
> >         MAC=(redacted) SRC=208.85.46.26 DST=(redacted) LEN=1280 TOS=0x00
> >         PREC=0x00 TTL=55 ID=13505 DF PROTO=TCP SPT=80 DPT=41374
> >         WINDOW=201 RES=0x00 ACK URGP=0
> >
> >     I'm getting these ACK DROP messages in the logs from Google on IPv6,
> >     Pandora (daughter), one DNS provider that I cannot remember.  Could
> >     I trouble you to help me understand what is going on?
>
> The deprecated Drop action invokes 'NotSyn(DROP,@1)'; with that DROP
> policy action under Shorewall 5.0, these packets were silently dropped.
> Using the 5.1 default DROP policy actions
> (Broadcast(DROP),Multicast(DROP)), these packets are not silently
> dropped, which is why you are seeing them.
>
> Thank you Tom!

Could I trouble you to let me know how to configure 5.1 so I can get those
packets silently dropped like in 5.1?

I have these default 5.1 settings.
BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)"
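
Added example, not part of the original message or of Shorewall: a small Python script that sorts logged packets in the kernel LOG format quoted above into new connection attempts and non-SYN TCP packets (such as the ACK from source port 80), so late replies can be told apart from unsolicited SYNs. The log lines are constructed, and treating a packet as "not SYN" when it fails the iptables --syn test is an assumption about what NotSyn matches.

```python
import re
from collections import Counter

# Constructed sample lines in the kernel LOG format quoted in the thread;
# addresses are from documentation ranges, not from the original post.
SAMPLE_LOG = """\
Feb  5 16:42:38 home kernel: net-fw DROP IN=eth0 OUT= SRC=192.0.2.26 DST=198.51.100.7 LEN=1280 TTL=55 ID=13505 DF PROTO=TCP SPT=80 DPT=41374 WINDOW=201 RES=0x00 ACK URGP=0
Feb  5 16:42:51 home kernel: net-fw DROP IN=eth0 OUT= SRC=192.0.2.26 DST=198.51.100.7 LEN=40 TTL=55 ID=13506 DF PROTO=TCP SPT=80 DPT=41374 WINDOW=0 RES=0x00 ACK RST URGP=0
Feb  5 16:43:02 home kernel: net-fw DROP IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.7 LEN=60 TTL=49 ID=4242 DF PROTO=TCP SPT=51515 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Feb  5 16:43:10 home kernel: net-fw DROP IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.7 LEN=108 TTL=49 ID=4243 PROTO=UDP SPT=53 DPT=40000 LEN=88
"""

TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}
PREFIX = re.compile(r"kernel: (\S+) (\S+) IN=")  # e.g. "net-fw DROP"


def parse_line(line):
    """Return the KEY=VALUE fields plus chain, disposition and TCP flags."""
    m = PREFIX.search(line)
    if not m:
        return None
    tokens = line[m.end() - 3:].split()  # start again at "IN="
    rec = dict(t.split("=", 1) for t in tokens if "=" in t)
    rec["chain"], rec["disposition"] = m.groups()
    rec["flags"] = {t for t in tokens if t in TCP_FLAGS}  # bare words only
    return rec


def classify(rec):
    """'new-syn' = iptables --syn (SYN set; ACK, RST, FIN clear); other TCP is 'not-syn'."""
    if rec.get("PROTO") != "TCP":
        return "non-tcp"
    f = rec["flags"]
    return "new-syn" if "SYN" in f and not f & {"ACK", "RST", "FIN"} else "not-syn"


def summarize(text):
    """Count logged packets per (class, source address, source port)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec:
            counts[(classify(rec), rec["SRC"], rec["SPT"])] += 1
    return counts


if __name__ == "__main__":
    for (kind, src, spt), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {kind:8s} {src}:{spt}")
```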