Re: [Shorewall-users] Continuous pings going through a full DROP policy

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

On 2/28/12 5:23 PM, jonetsu wrote:
> Hmmm.. Not sure if the other one got to you, so here it is. Sorry for
> any duplicate. Here is the dump. It was done in the following way: -
> unit3: reboot w/o any iptable commands applied - start continuous
> pings from unit1 - unit3: shorewall start - (continuous pingings
> still going on) - unit3: shorewall dump 192.168.3.2 = unit1 = pinging
> unit 172.30.159.103 = unit3 = shorewall unit 172.30.159.102 = unit2 =
> pinging target unit eth1 <--> fe-4-2 unit3 fe-3-1 <--> fe-3-1 eth2 In
> a parallel iptables-only test it is possible to immediately stop the
> pingings when iptables rules are applied by flushing the whole thing
> before applying any new rules. Thanks !

So everything else, other than the Shorewall version was the same in
these two tests? Kernel, iptables, iproute2, ...?

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________