Hi, I use these rules in the INVALID and NEW sections of the rules file:

FIN(ACCEPT) { SOURCE=all, DEST=all }
RST(ACCEPT) { SOURCE=all, DEST=all }

according to a previous mailing list post:
https://sourceforge.net/p/shorewall/mailman/shorewall-users/thread/CABLYT9j-KvM0JEwxoZ3xppoL5yxZqQe6qyEj0_wJJ8eecyE3nA%40mail.gmail.com/#msg37123538

However, I'm still seeing ACK drops as noted in this other post:
https://sourceforge.net/p/shorewall/mailman/message/37178313/

e.g.:

May 4 08:04:22 fw1 kernel: FWGW:wan-lan1:DROP:IN=wan OUT=lan.1 MAC=ac:1f:6b:9b:85:06:30:85:a9:8e:b9:a0:08:00 SRC=23.200.66.154 DST=10.215.248.214 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=38801 DF PROTO=TCP SPT=443 DPT=64710 WINDOW=123 RES=0x00 ACK URGP=0

The shorewall rules man page does not explain how to use the curly brackets. What is the format of the content within these characters? I'm wondering if "SOURCE=all, DEST=all" is syntactically correct. If so, why am I seeing these dropped ACK replies when I have no rules blocking them (e.g. lan1-wan HTTPS traffic from 10.215.248.214 to 23.200.66.154 is allowed, so I'm expecting the ACK not to be dropped)?

Vieri