[Shorewall-newbies] Shorewall + portsentry restart causing NAT to
teastep at shorewall.net
Tue Jan 27 06:59:49 PST 2004
On Monday 26 January 2004 11:11 pm, Ow Mun Heng wrote:

> Shorewall version 1.4.7
> iptables 1.2.7a
> RH9 + Kernel 2.4.24
> Just curious, I see that my NAT tends to hang during which
> portsentry restarts
> (to logrotate I presume) and I also see the corresponding "iptables

That isn't a Shorewall message! Sounds like portsentry is doing "service
iptables restart" or some such.

> I would need to do a /sbin/service shorewall restart to get things moving

Or simply /sbin/shorewall restart

> I should've done an iptables -L to determine if shorewall(rules) is actually
> but I didn't. So, this is my other alternative.
> So.. are the rules flushed? If so, how can I get portsentry to talk to
> or whatever that whenever they decide to restart, shorewall gets restarted
> as well??

This sounds very much like a Portsentry question rather than a Shorewall
question. Have you consulted the Portsentry documentation to see how it
interacts with iptables?

> BTW, does shorewall stop raw TCP packets even for root?

Shorewall cannot stop raw socket sends.

Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep at shorewall.net
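
A check for the situation discussed in this thread, as an added example that is not part of the original messages and not Shorewall's own code: it reads `iptables -L -n` output and reports which expected chains are gone, which is what happens when another tool reloads iptables underneath Shorewall. The chain names `shorewall` and `net2all`, the `watchdog` function, the `fw-watchdog` log tag and both sample listings are assumptions constructed for illustration; use the chains your own listing shows while Shorewall is running.

```shell
#!/bin/sh
# Added example. Chain names given as arguments are assumptions: take them
# from your own "iptables -L -n" output captured while Shorewall is running.

# missing_chains CHAIN...  reads "iptables -L -n" output on stdin, prints each
# expected chain that has no "Chain NAME (...)" header, returns 1 if any is absent.
missing_chains() {
    listing=$(cat)
    rc=0
    for chain in "$@"; do
        if ! printf '%s\n' "$listing" |
            awk -v c="$chain" '$1 == "Chain" && $2 == c { found = 1 } END { exit !found }'
        then
            printf '%s\n' "$chain"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed listing: firewall ruleset still loaded.
SAMPLE_LOADED='Chain INPUT (policy DROP)
target     prot opt source               destination
eth0_in    all  --  0.0.0.0/0            0.0.0.0/0

Chain eth0_in (1 references)
target     prot opt source               destination

Chain net2all (1 references)
target     prot opt source               destination

Chain shorewall (0 references)
target     prot opt source               destination'

# Constructed listing: after another tool reloaded iptables (built-in chains only).
SAMPLE_RELOADED='Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination'

# For cron (as root): restart Shorewall only when an expected chain has disappeared.
watchdog() {
    if gone=$(iptables -L -n | missing_chains "$@"); then
        return 0
    fi
    logger -t fw-watchdog "missing chains: $(echo $gone); restarting shorewall"
    /sbin/shorewall restart
}
```

The `watchdog` function is only defined, not called; if `iptables` itself fails (for example when not run as root) every chain is reported missing and a restart is attempted.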