Hello Tom. Please find enclosed the requested file as well as my full configuration.
Also I noticed that the reap option provided in the recent match is not
detected by Shorewall whereas it seems to be available:
$ sudo iptables -N test
$ sudo iptables -A test -m recent --rcheck --seconds 10 --reap
$ sudo iptables -L test
Chain test (0 references)
target     prot opt source               destination
           all  --  anywhere             anywhere             recent: CHECK seconds: 10 reap name: DEFAULT side: source mask: 255.255.255.255
Not sure I actually need it but this looks strange to me.
> Hello.
>
> As soon as I add the rpfilter option to my single interface, any
> outgoing traffic is blocked.
>
> Here is my interface file:
> net eth0 dhcp,tcpflags,logmartians,nosmurfs,sourceroute=0,rpfilter
>
> When taking a look at the logs, I notice packets have been blocked by
> the net-fw rule :
>
> Mar 26 15:46:44 MyPC net-fw:DROP IN=eth0 OUT= MAC=XXXXX
> SRC=173.194.40.159 DST=192.168.1.166 LEN=84 TOS=00 PREC=0x00 TTL=54
> ID=35571 PROTO=ICMP TYPE=0 CODE=0 ID=30205 SEQ=16 MARK=0
>
> This message has been triggered by pinging google.fr.
>
> Note that it works properly when using rp_filter.
>
> Please find attached my configuration files.
>
> Version information: 4.5.21.7
>
> Hervé
shorewall.tar.xz
Description: application/xz-compressed-tar
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
