On Thu, 26 Oct 2023 21:00:41 +0300, Tuomo Soini wrote:

> Those are replies to clients which have actually already gone. So
> completely normal. While your web server has been processing request,
> client has gone and so netfilter has already closed the connection.

I understand much better. It was the notion of closed connection that I lacked for understanding.

>> Note that I have exactly the same question with the mail server and
>> ports 25,110,143,465,993,995.
>
> Same for these.

Of course. I suspected that the reason was the same, and that's why I stuck to the simple case of the Web.

> You can remove these from logging by changing REJECT_DEFAULT in
> shorewall.conf. If you add dropInvalid there those won't get logged any
> more.

Ok. I had the default:

REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)"

I added dropInvalid

REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP),dropInvalid"

I'll see how the logs evolve from now on.

> Web is not a standard protocol name, so shorewall developers decided to
> add HTTP and HTTPS macros which are actual protocol names instead. But
> to make sure old firewall installs won't break on shorewall upgrade, old
> Web macro was left there.

Ok. I'll switch to HTTP+HTTPS then.

Thank you all for your valuable help.
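
A log triage sketch for the situation discussed in this thread, added here as an example and not taken from the thread or from Shorewall: before the entries are silenced with dropInvalid, it tallies rejected outbound TCP packets that look like late replies from the served ports (source port is a service port, no SYN flag) and keeps everything else for review. The field layout follows the netfilter LOG target; the `fw-net REJECT` prefix, addresses and sample lines are constructed assumptions.

```python
import re
from collections import Counter

# Ports named in the thread: web (80/443) and the listed mail ports.
SERVICE_PORTS = {80, 443, 25, 110, 143, 465, 993, 995}

# Constructed sample lines (netfilter LOG key=value layout); the prefix,
# addresses and ports are assumptions for illustration only.
SAMPLE_LOG = """\
Oct 26 20:41:02 host kernel: fw-net REJECT IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=40 PROTO=TCP SPT=443 DPT=51514 WINDOW=0 RES=0x00 ACK RST URGP=0
Oct 26 20:41:09 host kernel: fw-net REJECT IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.9 LEN=52 PROTO=TCP SPT=80 DPT=40222 WINDOW=501 RES=0x00 ACK FIN URGP=0
Oct 26 20:42:30 host kernel: fw-net REJECT IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.50 LEN=60 PROTO=TCP SPT=45000 DPT=6667 WINDOW=64240 RES=0x00 SYN URGP=0
Oct 26 20:43:11 host kernel: fw-net REJECT IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=40 PROTO=TCP SPT=993 DPT=50100 WINDOW=0 RES=0x00 ACK PSH URGP=0
"""

FIELD = re.compile(r"(\w+)=(\S*)")                      # KEY=value pairs, value may be empty
FLAGS = re.compile(r"RES=\S+ ((?:[A-Z]+ )+)URGP=")      # TCP flags sit between RES= and URGP=


def classify(line):
    """Return ('late-reply' | 'review', source_port), or None if not a parsable TCP entry."""
    fields = dict(FIELD.findall(line))
    flags_match = FLAGS.search(line)
    spt = fields.get("SPT", "")
    if fields.get("PROTO") != "TCP" or not flags_match or not spt.isdigit():
        return None
    flags = set(flags_match.group(1).split())
    # Locally generated packet: empty IN=, non-empty OUT=.
    outbound = fields.get("IN") == "" and bool(fields.get("OUT"))
    # A reply on an established flow never carries a bare SYN.
    is_reply = "SYN" not in flags and bool(flags & {"ACK", "FIN", "RST"})
    if outbound and is_reply and int(spt) in SERVICE_PORTS:
        return ("late-reply", int(spt))
    return ("review", int(spt))


def summarize(text):
    """Count late replies per service port and collect the lines that need a human look."""
    late, review = Counter(), []
    for line in text.splitlines():
        verdict = classify(line)
        if verdict is None:
            continue
        if verdict[0] == "late-reply":
            late[verdict[1]] += 1
        else:
            review.append(line)
    return late, review


if __name__ == "__main__":
    late, review = summarize(SAMPLE_LOG)
    print("late replies per service port:", dict(late))
    print("entries to review:", len(review))
```
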
