From: "Massimo S." <ecs-isp@2rosenthals.com>
Received: from [192.168.100.201] (HELO mail.2rosenthals.com)
  by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10)
  with ESMTPS id 7060510 for ecs-isp@2rosenthals.com; Thu, 27 Apr 2023 13:38:20 -0400
Received: from secmgr-va.2rosenthals.com ([50.73.8.217]:37408 helo=mail2.2rosenthals.com)
	by mail.2rosenthals.com with esmtps  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <ml@ecomstation.it>)
	id 1ps5ZK-0000jG-30
	for ecs-isp@2rosenthals.com;
	Thu, 27 Apr 2023 13:38:13 -0400
Received: from mail2.quasarbbs.net ([80.86.52.115]:10025)
	by mail2.2rosenthals.com with esmtp (Exim 4.96)
	(envelope-from <ml@ecomstation.it>)
	id 1ps5ZC-0005dd-0E
	for ecs-isp@2rosenthals.com;
	Thu, 27 Apr 2023 13:38:06 -0400
X-SASI-Hits: BODYTEXTP_SIZE_3000_LESS 0.000000, BODY_SIZE_2000_2999 0.000000,
	BODY_SIZE_5000_LESS 0.000000, BODY_SIZE_7000_LESS 0.000000,
	CTE_7BIT 0.000000, HTML_00_01 0.050000, HTML_00_10 0.050000,
	IN_REP_TO 0.000000, LEGITIMATE_SIGNS 0.000000,
	MSGID_SAMEAS_FROM_HEX_844412 0.100000, MSG_THREAD 0.000000,
	NO_CTA_URI_FOUND 0.000000, NO_URI_HTTPS 0.000000, REFERENCES 0.000000,
	REPLYTO_SAMEAS_FROM 0.000000, SENDER_NO_AUTH 0.000000, SUSP_DH_NEG 0.000000,
	TO_IN_SUBJECT 0.500000, __ANY_URI 0.000000, __BODY_NO_MAILTO 0.000000,
	__BOUNCE_CHALLENGE_SUBJ 0.000000, __BOUNCE_NDR_SUBJ_EXEMPT 0.000000,
	__CT 0.000000, __CTE 0.000000, __CT_TEXT_PLAIN 0.000000,
	__DQ_NEG_DOMAIN 0.000000, __DQ_NEG_HEUR 0.000000, __DQ_NEG_IP 0.000000,
	__FORWARDED_MSG 0.000000, __FROM_DOMAIN_NOT_IN_BODY 0.000000,
	__FROM_NAME_NOT_IN_ADDR 0.000000, __FROM_NAME_NOT_IN_BODY 0.000000,
	__FUR_HEADER 0.000000, __HAS_FROM 0.000000, __HAS_MSGID 0.000000,
	__HAS_REFERENCES 0.000000, __HAS_REPLYTO 0.000000,
	__HEADER_ORDER_FROM 0.000000, __INVOICE_MULTILINGUAL 0.000000,
	__IN_REP_TO 0.000000, __MAIL_CHAIN 0.000000, __MIME_BOUND_CHARSET 0.000000,
	__MIME_TEXT_ONLY 0.000000, __MIME_TEXT_P 0.000000, __MIME_TEXT_P1 0.000000,
	__MIME_VERSION 0.000000, __MOZILLA_USER_AGENT 0.000000,
	__MSGID_HEX_844412 0.000000, __NO_HTML_TAG_RAW 0.000000,
	__PHISH_SPEAR_SUBJECT 0.000000, __PHISH_SPEAR_SUBJ_ALERT 0.000000,
	__PHISH_SPEAR_SUBJ_PREDICATE 0.000000, __REFERENCES 0.000000,
	__REPLYTO_SAMEAS_FROM_ACC 0.000000, __REPLYTO_SAMEAS_FROM_ADDY 0.000000,
	__REPLYTO_SAMEAS_FROM_DOMAIN 0.000000, __SANE_MSGID 0.000000,
	__SCAN_D_NEG 0.000000, __SCAN_D_NEG2 0.000000, __SCAN_D_NEG_HEUR 0.000000,
	__SCAN_D_NEG_HEUR2 0.000000, __SUBJ_ALPHA_NEGATE 0.000000,
	__SUBJ_REPLY 0.000000, __TO_IN_SUBJECT 0.000000, __TO_MALFORMED_2 0.000000,
	__TO_NAME 0.000000, __TO_NAME_DIFF_FROM_ACC 0.000000,
	__TO_REAL_NAMES 0.000000, __URI_MAILTO 0.000000, __URI_NO_WWW 0.000000,
	__URI_NS 0.000000, __USER_AGENT 0.000000
X-SASI-Probability: 10%
X-SASI-RCODE: 200
X-SASI-Version: Antispam-Engine: 5.1.1, AntispamData: 2023.4.27.170617
X-SASI-Hits: BODYTEXTP_SIZE_3000_LESS 0.000000, BODY_SIZE_2000_2999 0.000000,
	BODY_SIZE_5000_LESS 0.000000, BODY_SIZE_7000_LESS 0.000000,
	CTE_7BIT 0.000000, HTML_00_01 0.050000, HTML_00_10 0.050000,
	IN_REP_TO 0.000000, LEGITIMATE_SIGNS 0.000000,
	MSGID_SAMEAS_FROM_HEX_844412 0.100000, MSG_THREAD 0.000000,
	NO_CTA_URI_FOUND 0.000000, NO_URI_HTTPS 0.000000, REFERENCES 0.000000,
	REPLYTO_SAMEAS_FROM 0.000000, SUSP_DH_NEG 0.000000, TO_IN_SUBJECT 0.500000,
	__ANY_URI 0.000000, __AUTH_RES_PASS 0.000000, __BODY_NO_MAILTO 0.000000,
	__BOUNCE_CHALLENGE_SUBJ 0.000000, __BOUNCE_NDR_SUBJ_EXEMPT 0.000000,
	__CT 0.000000, __CTE 0.000000, __CT_TEXT_PLAIN 0.000000,
	__DQ_NEG_DOMAIN 0.000000, __DQ_NEG_HEUR 0.000000, __DQ_NEG_IP 0.000000,
	__FORWARDED_MSG 0.000000, __FROM_DOMAIN_NOT_IN_BODY 0.000000,
	__FROM_NAME_NOT_IN_ADDR 0.000000, __FROM_NAME_NOT_IN_BODY 0.000000,
	__FUR_HEADER 0.000000, __HAS_FROM 0.000000, __HAS_MSGID 0.000000,
	__HAS_REFERENCES 0.000000, __HAS_REPLYTO 0.000000,
	__HEADER_ORDER_FROM 0.000000, __INVOICE_MULTILINGUAL 0.000000,
	__IN_REP_TO 0.000000, __MAIL_CHAIN 0.000000, __MIME_BOUND_CHARSET 0.000000,
	__MIME_TEXT_ONLY 0.000000, __MIME_TEXT_P 0.000000, __MIME_TEXT_P1 0.000000,
	__MIME_VERSION 0.000000, __MOZILLA_USER_AGENT 0.000000,
	__MSGID_HEX_844412 0.000000, __NO_HTML_TAG_RAW 0.000000,
	__PHISH_SPEAR_SUBJECT 0.000000, __PHISH_SPEAR_SUBJ_ALERT 0.000000,
	__PHISH_SPEAR_SUBJ_PREDICATE 0.000000, __REFERENCES 0.000000,
	__REPLYTO_SAMEAS_FROM_ACC 0.000000, __REPLYTO_SAMEAS_FROM_ADDY 0.000000,
	__REPLYTO_SAMEAS_FROM_DOMAIN 0.000000, __SANE_MSGID 0.000000,
	__SCAN_D_NEG 0.000000, __SCAN_D_NEG2 0.000000, __SCAN_D_NEG_HEUR 0.000000,
	__SCAN_D_NEG_HEUR2 0.000000, __SUBJ_ALPHA_NEGATE 0.000000,
	__SUBJ_REPLY 0.000000, __TO_IN_SUBJECT 0.000000, __TO_MALFORMED_2 0.000000,
	__TO_NAME 0.000000, __TO_NAME_DIFF_FROM_ACC 0.000000,
	__TO_REAL_NAMES 0.000000, __URI_MAILTO 0.000000, __URI_NO_WWW 0.000000,
	__URI_NS 0.000000, __USER_AGENT 0.000000
X-SASI-Probability: 10%
X-SASI-RCODE: 200
X-SASI-Version: Antispam-Engine: 5.1.1, AntispamData: 2023.4.27.170617
Received: from [192.168.10.199] (dtp [192.168.10.199]) by srv2 (Weasel v2.79)
  for <ecs-isp@2rosenthals.com>; 27 Apr 2023 19:38:01 
Reply-To: ml@ecomstation.it
Subject: Re: [eCS-ISP] InJoy FW 4.2.2 issue with a rule "failed to send
 packet"
To: eCS ISP Mailing List <ecs-isp@2rosenthals.com>
References: <list-7058471@2rosenthals.com>
Organization: eComStation dot it
Message-ID: <676e6f5d-0688-cc44-2fa0-dadd498321fb@ecomstation.it>
Date: Thu, 27 Apr 2023 19:37:59 +0200
User-Agent: Mozilla/5.0 (OS/2; U; Warp 4.5; it-IT; rv:1.7.13) Gecko/20060424
 Thunderbird/1.0.8 Mnenhy/0.7.4.0
MIME-Version: 1.0
In-Reply-To: <list-7058471@2rosenthals.com>
Content-Type: text/plain; charset=iso-8859-15; format=flowed
Content-Language: it-IT
Content-Transfer-Encoding: 7bit



Il 27/04/2023 09:07, Steven Levine ha scritto:
> In <list-7057545@2rosenthals.com>, on 04/26/23
>     at 09:20 PM, "Massimo S." <ecs-isp@2rosenthals.com> said:
> 
> Hi Massimo,
> 
>> rule123
>>          Protocol = TCP,
>>          Destination-Port = "54444",
>>          Destination = "My_IP",
>>          Rule-Action = Allow,
>>          Direction = Bidirectional
> 
>> to my firerule.cnf
> 
>> injoy stop working, every tcpip connection do not work (server completely
>> isolated) and i get this error in activity.log
> 
>> Fatal: failed to send packet (32799 - 0)
> 
> The error code translates to
> 
> #define ERROR_LONGLOCK                  32799
> 
> and 0 is the number of bytes sent.
> 
> This means for an as yet unknown reason the DosWrite to the pipe that
> gateway.exe uses to communicate with fxwrap.sys timed out.
> 
> Did you check ijfw\logs\firewall.log?  This is where rule errors are
> typically reported.

no errors in firewall.log:

2023/04/26 13:31:28  FIREWALL PLUGIN: Initialized successfully                  2023/04/26 13:31:28  FIREWALL 
PLUGIN: Version 4.2, build timestamp May 22 2014 13:49:46 
                    2023/04/26 13:31:28  FIREWALL PLUGIN: + Dynamic firewall, + URL handling, + Safe-Mail, + 
Traffic Shaper
2023/04/26 13:31:35  FIREWALL PLUGIN: Configuration successfully loaded         2023/04/26 13:31:35  FIREWALL 
PLUGIN: Ready...

>> since i use includes (with 3 rule files) and i've about 417 KiloBytes in
>> total of rules anyone knows if i'm reaching a physical limit of the
>> product?
> 
> If you were, it would be reported in firewall.log.
> 
>> to have the firewall working again and so tcp/ip communications i had to
>> comment one of these 3 include file
> 
> What does this mean?  You stated above, you added one rule and thi broke
> the firewall.  What does have to do with "these 3 include file"?
> 
> Steven

i've 3 include files containing rules and another number of rules in firerule.cnf

#include <firewall/spam.cnf> 
                                                  #include <firewall/r_p_ddos.cnf> 
                                                                                                    #include 
<firewall/url_filter.cnf>

i had to comment one of these to have injoy working again


massimo