On 08/05/2018 09:11 AM, Matt Darfeuille wrote:
> 
> 
> On 8/5/2018 5:20 PM, Matt Darfeuille wrote:
>> On 8/5/2018 5:09 PM, daniel_1983--- via Shorewall-users wrote:
>>> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
>>> On August 5, 2018 4:04 PM, <daniel_1...@protonmail.com> wrote:
>>>
>>>> Email sent successfully after putting back the policy and issuing a 
>>>> shorewall clear. Will leave it like this and hope for the best.
>>>>
>>>> What would be a logical explanation for this?
>>>
>>> Silly me! shorewall clear will also stop the firewall; that's why the 
>>> e-mail got delivered.
>>>
>>
>> Yes, 'shorewall clear' means that your system is unprotected.
>> Can you send me privately a tarball (archive) of your configuration
>> files when it is not working?
>>
> 
> In your rules file, all your rules are in the '?SECTION ALL'; I'm
> assuming that it is done on purpose?
> If not, please change '?SECTION ALL' to '?SECTION NEW' and try again.
> 
> You are using an unsupported version of Shorewall (Shorewall 4.6.4.3
> Dump at messagerie-prep - Wed Aug  1 11:06:16 CET 2018); see the URL for
> supported Shorewall versions at the bottom of this e-mail.
> 
> Given that it is working with the policy 'net $FW ACCEPT', using the
> rules file should also work.
> 
> 
> http://shorewall.org/#Releases

The dump that Daniel submitted shows that there is no ACCEPT rule for
incoming packets in the ESTABLISHED state. This is clearly a bug, but
given that his release is almost four years old and all rules are in the
ALL section, there is not much we can do to fix it. I suspect it will
work fine if all rules are moved to the NEW section, as that is the
normal method of configuring Shorewall rules.

-Tom
-- 
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________
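
An added example, not part of the thread and not Shorewall's own code: a shell helper that reports which ?SECTION each rule in a rules file falls under, so rules left under ALL (the situation discussed above) can be listed before they are moved to NEW. The sample rules are constructed, and treating a file with no ?SECTION line as NEW is an assumption.

```shell
#!/bin/sh
# Added example: audit which ?SECTION each Shorewall rule belongs to.

# rules_by_section FILE -> prints "SECTION<TAB>rule" for every rule line.
rules_by_section() {
    awk '
        BEGIN { section = "NEW" }        # assumption: no directive means NEW
        # Strip comments and surrounding whitespace, then skip empty lines.
        { sub(/#.*/, ""); sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        $0 == "" { next }
        # Accept both "?SECTION X" and the older "SECTION X" spelling.
        $1 == "?SECTION" || $1 == "SECTION" { section = toupper($2); next }
        /^\?/ { next }                   # other directives (?COMMENT, ?IF, ...)
        { printf "%s\t%s\n", section, $0 }
    ' "$1"
}

# count_in_section FILE SECTION -> number of rules under that section.
count_in_section() {
    rules_by_section "$1" |
        awk -F '\t' -v s="$2" '$1 == s { n++ } END { print n + 0 }'
}

# Constructed sample rules (hypothetical, not the poster's configuration).
sample_rules() {
    cat <<'EOF'
# constructed sample
?SECTION ALL
ACCEPT  net  $FW  tcp  25
ACCEPT  net  $FW  tcp  22
?SECTION NEW
ACCEPT  net  $FW  icmp  8
EOF
}

# Run the audit over the sample; on a real system pass /etc/shorewall/rules.
demo() {
    f=$(mktemp) || return 1
    sample_rules > "$f"
    rules_by_section "$f"
    echo "rules under ALL: $(count_in_section "$f" ALL)"
    rm -f "$f"
}

demo
```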
