
Firewall Rule ID or Number

I've got some packets (inbound) that are being dropped by fwrule="60004" and I have a rule in the ruleset allowing these packets inbound as well as a DNAT rule.  This was working fine and no changes have been made.  The customer now reports that they cannot access their remote SSH service.

The packetfilter logs indicate the packets being dropped by fwrule="60004".  How can I quickly determine which rule this is?

Here is a snippet from the logs:
/var/log/packetfilter.log:2008:01:10-12:47:24 (none) ulogd[5808]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60004" initf="eth6" dstmac="00:10:f3:10:00:70" srcmac="00:03:e3:0d:dc:82" srcip="69.27.242.3" dstip="209.34.254.107" proto="6" length="40" tos="0x00" prec="0x00" ttl="112" srcport="11557" dstport="22" tcpflags="ACKFIN "


Thanks in advance!

- Clay
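
To see which rule IDs, destinations and TCP flags account for the drops in a packetfilter log like the one quoted above, the lines can be parsed and tallied. This is an added example, not part of the original post: the sample lines are constructed in the posted format (the documentation-range IP addresses, the `accept` action value and rule `7` are assumptions), and the function names are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines in the key="value" format of the posted log entry.
SAMPLE = """\
/var/log/packetfilter.log:2008:01:10-12:47:24 (none) ulogd[5808]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60004" initf="eth6" srcip="192.0.2.10" dstip="198.51.100.7" proto="6" srcport="11557" dstport="22" tcpflags="ACKFIN "
2008:01:10-12:47:25 (none) ulogd[5808]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60004" initf="eth6" srcip="192.0.2.10" dstip="198.51.100.7" proto="6" srcport="11557" dstport="22" tcpflags="ACKFIN "
2008:01:10-12:47:26 (none) ulogd[5808]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60004" initf="eth6" srcip="192.0.2.44" dstip="198.51.100.7" proto="6" srcport="40100" dstport="23" tcpflags="SYN "
2008:01:10-12:47:27 (none) ulogd[5808]: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="7" initf="eth6" srcip="192.0.2.10" dstip="198.51.100.7" proto="6" srcport="11600" dstport="22" tcpflags="SYN "
this line is not a packetfilter record
"""

TIMESTAMP = re.compile(r"(\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) ")
KEY_VALUE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Return the record's fields as a dict, or None if it is not a packetfilter line."""
    # search() rather than match(): grep output prefixes each line with the file name.
    stamp = TIMESTAMP.search(line)
    if not stamp:
        return None
    # Values such as tcpflags="ACKFIN " carry trailing spaces, so strip them.
    fields = {k: v.strip() for k, v in KEY_VALUE.findall(line[stamp.end():])}
    if fields.get("sub") != "packetfilter":
        return None
    fields["time"] = datetime.strptime(stamp.group(1), "%Y:%m:%d-%H:%M:%S")
    return fields


def summarize_drops(lines):
    """Count dropped packets per (fwrule, dstip, dstport, tcpflags)."""
    drops = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec.get("action") == "drop":
            drops[(rec.get("fwrule"), rec.get("dstip"),
                   rec.get("dstport"), rec.get("tcpflags"))] += 1
    return drops


if __name__ == "__main__":
    for key, count in summarize_drops(SAMPLE.splitlines()).most_common():
        print(count, *key)
```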

