[Shorewall-users] Established connection logging...

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Over the last few months, I've noticed log entries that appear to be
part of established connections:

Shorewall:fw2net:ACCEPT:IN=3D OUT=3Deth0 SRC=3D206.253.95.97 DST=3D131.15.4=
8.58
LEN=3D1400 TOS=3D0x00 PREC=3D0x00 TTL=3D64 ID=3D56805 DF PROTO=3DTCP SPT=3D=
80
DPT=3D19052 WINDOW=3D1768 RES=3D0x00 ACK PSH URGP=3D0

We seem to get these entries for our highest volume services like web
and dns but I've occasionally seen them for others. The Shorewall
logging documentation says that packets for established connections
are accepted and cannot be logged... can someone explain what might be
happening here? I'd like to understand why these are showing up in
case I have something misconfigured.

Thanks,

-Tom