Mailing List ecs-isp@2rosenthals.com Archived Message #477

From: "Steven Levine" <ecs-isp@2rosenthals.com>
Subject: Re: [eCS-ISP] InJoy FW 4.2.2 issue with a rule "failed to send packet"
Date: Sun, 14 May 2023 14:12:25 -0700
To: "eCS ISP Mailing List" <ecs-isp@2rosenthals.com>

In <list-7160221@2rosenthals.com>, on 05/14/23
   at 10:04 AM, "Massimo S." <ecs-isp@2rosenthals.com> said:


Hi Massimo,

>but anyway doing this kind of test on a production server is an issue
>since I have to do it late in the night

I understand.

>and I have another problem too (this one since years ago)
>reloading the rules doesn't show the issue
>you have to restart the fw
>if I restart the fw, InJoy does not work anymore even with a working rule
>set; all packets end up in SYN_SENT state and I have to reboot the server
>(setboot /b)

As with your "large ruleset" problem, we have never encountered this one
either.  Dan runs ijfw on 6 or 7 OS/2 instances with differing application
mixes.  The ijfw security levels vary. Most run 5 or 6, which is a fair
set of rules and we also have a number of Observe rules to keep the
annoying password guesses away.

I can't recall a valid set of rules failing to reload either when using
the GUI or with the sync command.

Every now and then ijfw constructs a bogus blacklist rule which stops all
packet transfers.  However, since this is a known issue, it does not take
us long to think to delete the blacklist file and sync the firewall.  This
does not occur often.  I dimly recall the last occurrence was something
like 6 months ago.

When you have more data to review on this issue, let us know.


Steven

--
----------------------------------------------------------------------
"Steven Levine" <steve53@earthlink.net>  Warp/DIY/BlueLion etc.
www.scoug.com www.arcanoae.com www.warpcave.com
----------------------------------------------------------------------

