[Shorewall-users] Dropped packet question....

Tom Eastep teastep@shorewall.net
Wed, 2 Jan 2002 05:54:08 -0800

On Wednesday 02 January 2002 04:10 am, Bear wrote:

> Log entry:
> Jan  2 03:27:56 net2all:DROP:IN=eth0 OUT=eth1 SRC=65.214.36.7
> DST=192.168.0.25 LEN=64 TOS=0x00 PREC=0x00 TTL=1 ID=32523 P=
> DPT=0 LEN=44

While the DPT is unusual, it's not unusual to see these sorts of orphan DNS
replies. I've handled them by:

a) cd /etc/shorewall; cp common.def common
b) Add the following to common

    run_iptables -A common -p udp --sport 53 -m state --state NEW -j DROP

c) restart Shorewall
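The three steps above as a small shell script. This is an added example, not part of Tom's message or of the Shorewall package. It assumes the Shorewall 1.x layout the message describes (a shipped /etc/shorewall/common.def and an optional /etc/shorewall/common that overrides it) and that `shorewall restart` is the restart command; the directory is a parameter so the file edit can be tried against a scratch copy first. Unlike a plain `cp common.def common`, it refuses to overwrite an existing `common` file, since that file may already hold local rules, and it appends the DROP rule only once.

```shell
#!/bin/sh
# Added example: apply steps a-c from the message idempotently.
# Assumption: Shorewall 1.x layout, /etc/shorewall/common.def shipped with
# the package and /etc/shorewall/common (if present) read in its place.

ORPHAN_DNS_RULE='run_iptables -A common -p udp --sport 53 -m state --state NEW -j DROP'

# install_orphan_dns_drop [DIR]
# Creates DIR/common from DIR/common.def only when DIR/common does not exist
# yet (copying unconditionally would clobber local customisations), then
# appends the rule unless it is already there. Returns 0 when the rule is in
# place, 1 when common.def is missing or a write fails.
install_orphan_dns_drop() {
    dir=${1:-/etc/shorewall}
    if [ ! -f "$dir/common" ]; then
        [ -f "$dir/common.def" ] || return 1
        cp "$dir/common.def" "$dir/common" || return 1
    fi
    if ! grep -Fqx "$ORPHAN_DNS_RULE" "$dir/common"; then
        printf '%s\n' "$ORPHAN_DNS_RULE" >> "$dir/common" || return 1
    fi
    return 0
}

# count_orphan_dns_rules [DIR]
# Prints how many exact copies of the rule DIR/common contains (should be 1).
count_orphan_dns_rules() {
    grep -Fcx "$ORPHAN_DNS_RULE" "${1:-/etc/shorewall}/common"
}

# Step c, kept separate so the edited file can be checked before the running
# firewall is touched. Assumption: "shorewall restart" is the restart command.
restart_shorewall() {
    shorewall restart
}

# Typical use on the firewall itself:
#   install_orphan_dns_drop && restart_shorewall
```

The `--state NEW` match is what keeps the rule safe: answers to DNS queries the firewall or its clients sent are tracked by conntrack as ESTABLISHED and never reach this rule, so only unsolicited packets claiming source port 53 are dropped.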

Tom Eastep    \  teastep@shorewall.net
AIM: tmeastep  \  http://www.shorewall.net
ICQ: #60745924  \  Firewalls for Linux 2.4