I'm running 7.504 (upgrading to 7.505 tonight) and today I encountered a strange problem. It has also happened once before. Out of the blue the firewall starts dropping all packets. Here's a sample from the packet filter log:
Jun 9 11:56:59 ***.***.***.1 2010:06:09-11:50:35 ulogd[3291]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth0" outitf="eth1" srcip="***.***.***.18" dstip="208.67.222.222" proto="17" length="70" tos="0x00" prec="0x00" ttl="127" srcport="64899" dstport="53"
Jun 9 11:56:59 ***.***.***.1 2010:06:09-11:50:35 ulogd[3291]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth0" outitf="eth1" srcip="***.***.***.10" dstip="208.67.220.220" proto="17" length="60" tos="0x00" prec="0x00" ttl="127" srcport="50515" dstport="53"
Jun 9 11:57:00 ***.***.***.1 2010:06:09-11:50:35 ulogd[3291]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth0" outitf="eth1" srcip="***.***.***.10" dstip="208.67.220.220" proto="17" length="60" tos="0x00" prec="0x00" ttl="127" srcport="50217" dstport="53"
Jun 9 11:57:00 ***.***.***.1 2010:06:09-11:50:36 ulogd[3291]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth2" outitf="eth0" srcip="***.***.***.18" dstip="***.***.***.14" proto="6" length="92" tos="0x00" prec="0x00" ttl="118" srcport="4528" dstport="1494" tcpflags="ACK PSH"
Jun 9 11:57:01 ***.***.***.1 2010:06:09-11:50:36 ulogd[3291]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth0" outitf="eth1" srcip="***.***.***.10" dstip="208.67.220.220" proto="17" length="60" tos="0x00" prec="0x00" ttl="127" srcport="51273" dstport="53"
Jun 9 11:57:02 ***.***.***.1 2010:06:09-11:50:37 ulogd[3291]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth0" outitf="eth1" srcip="***.***.***.18" dstip="208.67.222.222" proto="17" length="62" tos="0x00" prec="0x00" ttl="127" srcport="53427" dstport="53"
Jun 9 11:57:03 ***.***.***.1 2010:06:09-11:50:38 ulogd[3291]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth2" outitf="eth0" srcip="***.***.***.18" dstip="***.***.***.14" proto="6" length="52" tos="0x00" prec="0x00" ttl="118" srcport="4528" dstport="1494" tcpflags="ACK PSH"
It looks like mostly DNS requests from the sample, but I can assure you that it was blocking everything. I looked in the logs around the time that it started happening and couldn't find anything that may have caused this to happen. I rebooted the firewall and everything began working again.
I'd like to prevent this from happening in the future. Has this happened to anyone else, or can someone explain why this would happen? I saw in the knowledgebase that fwrule 60002 corresponds to filter:FORWARD in the iptables chain... does that have any relevance?
Thanks,
Lane
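Added example, not part of the original post: a Python triage script for packet filter lines in the format shown above. It tallies drops by fwrule, interface pair and protocol/port, and measures the gap between the syslog relay timestamp and the firewall's own timestamp on each line. The sample lines are constructed (documentation-range addresses) and the function names are illustrative.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines in the same ulogd key="value" layout as the post
# (addresses replaced with RFC 5737 documentation ranges; last line is malformed on purpose).
SAMPLE = [
    'Jun 9 11:56:59 192.0.2.1 2010:06:09-11:50:35 ulogd[3291]: id="2001" sub="packetfilter" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcip="192.0.2.18" dstip="208.67.222.222" proto="17" srcport="64899" dstport="53"',
    'Jun 9 11:57:00 192.0.2.1 2010:06:09-11:50:36 ulogd[3291]: id="2001" sub="packetfilter" action="drop" fwrule="60002" initf="eth2" outitf="eth0" srcip="198.51.100.18" dstip="192.0.2.14" proto="6" srcport="4528" dstport="1494" tcpflags="ACK PSH"',
    'Jun 9 11:57:03 192.0.2.1 2010:06:09-11:50:38 ulogd[3291]: id="2001" sub="packetfilter" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcip="192.0.2.10" dstip="208.67.220.220" proto="17" srcport="50515" dstport="53"',
    'Jun 9 11:57:04 192.0.2.1 -- MARK --',
]

FIELD = re.compile(r'(\w+)="([^"]*)"')
STAMP = re.compile(r'^(\w{3}) +(\d+) (\d\d:\d\d:\d\d) \S+ (\d{4}):(\d\d):(\d\d)-(\d\d:\d\d:\d\d) ')

def parse(line):
    """Return the key="value" fields, plus relay-minus-device clock skew in seconds."""
    rec = dict(FIELD.findall(line))
    m = STAMP.match(line)
    if m:
        mon, day, relay_t, year, dmon, dday, dev_t = m.groups()
        relay = datetime.strptime(f"{year} {mon} {day} {relay_t}", "%Y %b %d %H:%M:%S")
        device = datetime.strptime(f"{year}-{dmon}-{dday} {dev_t}", "%Y-%m-%d %H:%M:%S")
        rec["skew_s"] = int((relay - device).total_seconds())
    return rec

def summarize(lines):
    """Count dropped packets by rule, interface path and (proto, dstport)."""
    drops = [r for r in map(parse, lines) if r.get("action") == "drop"]
    return {
        "total": len(drops),
        "by_rule": Counter(r.get("fwrule") for r in drops),
        "by_path": Counter((r.get("initf"), r.get("outitf")) for r in drops),
        "by_service": Counter((r.get("proto"), r.get("dstport")) for r in drops),
        "max_skew_s": max((r.get("skew_s", 0) for r in drops), default=0),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(key, value)
```

A single fwrule value across every interface pair and service supports the "blocking everything" observation, and the skew figure shows how far to shift when correlating the firewall's own logs with the syslog server's.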