I am getting a whole bunch of messages in dmeg which look like the
following
Shorewall:sshc-fw:REJECT:IN=enp4s0 OUT= MAC=f8:32:e4:70:14:5b:f4:4e:05:08:4b:00:08:00 SRC=101.227.98.81 DST=142.103.234.23 LEN=52 TOS=0x00 PREC=0x00 TTL=44 ID=50529 DF PROTO=ICMP TYPE=8 CODE=0 ID=18477 SEQ=22560
sshc is a "host" entry in /etc/shorewall/hosts. It starts like
sshc enp+:14.208.0.0/12,31.162.0.0/18....
I assume sshc-fw is a comment that it is the sshc firewall rule that is producing there Rejects, but there is not sshc firewall rule which says
to REJECT ICMP packets.And a REJECT would be wrong anyway since it would
be a reply to the remote machine.
The only ICMP rule I had was an ACCEPT rule for a local range of
addresses.
I am getting a whole bunch of messages in dmeg which look like the
following
Shorewall:sshc-fw:REJECT:IN=enp4s0 OUT= MAC=f8:32:e4:70:14:5b:f4:4e:05:08:4b:00:08:00 SRC=101.227.98.81 DST=142.103.234.23 LEN=52 TOS=0x00 PREC=0x00 TTL=44 ID=50529 DF PROTO=ICMP TYPE=8 CODE=0 ID=18477 SEQ=22560
sshc is a "host" entry in /etc/shorewall/hosts. It starts like
sshc enp+:14.208.0.0/12,31.162.0.0/18....
I assume sshc-fw is a comment that it is the sshc firewall rule that is producing there Rejects, but there is not sshc firewall rule which says
to REJECT ICMP packets.And a REJECT would be wrong anyway since it would
be a reply to the remote machine.
The only ICMP rule I had was an ACCEPT rule for a local range of
addresses.
On Thu, 31 Mar 2022 21:06:07 -0000 (UTC), William Unruh wrote:
I am getting a whole bunch of messages in dmeg which look like the
following
Shorewall:sshc-fw:REJECT:IN=enp4s0 OUT= MAC=f8:32:e4:70:14:5b:f4:4e:05:08:4b:00:08:00 SRC=101.227.98.81 DST=142.103.234.23 LEN=52 TOS=0x00 PREC=0x00 TTL=44 ID=50529 DF PROTO=ICMP TYPE=8 CODE=0 ID=18477 SEQ=22560
sshc is a "host" entry in /etc/shorewall/hosts. It starts like
sshc enp+:14.208.0.0/12,31.162.0.0/18....
I assume sshc-fw is a comment that it is the sshc firewall rule that is
producing there Rejects, but there is not sshc firewall rule which says
to REJECT ICMP packets.And a REJECT would be wrong anyway since it would
be a reply to the remote machine.
The only ICMP rule I had was an ACCEPT rule for a local range of
addresses.
I do not use the /hosts file and never seen :sshc-fw:
Keep in mind that shorewall runs through the rules file and if no rule
is found for the connection then the default option is taken which I think
is Drop in my setup.
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 300 |
Nodes: | 16 (2 / 14) |
Uptime: | 41:57:29 |
Calls: | 6,708 |
Calls today: | 1 |
Files: | 12,243 |
Messages: | 5,353,869 |