From: |
"Massimo S." <ecs-isp@2rosenthals.com> |
Full Headers Undecoded message |
Subject: |
Re: [eCS-ISP] InJoy FW 4.2.2 issue with a rule "failed to send packet" |
Date: |
Sun, 14 May 2023 23:55:48 +0200 |
To: |
eCS ISP Mailing List <ecs-isp@2rosenthals.com> |
|
---|
Il 14/05/2023 23:12, Steven Levine ha scritto:
In <list-7160221@2rosenthals.com>, on 05/14/23
at 10:04 AM, "Massimo S." <ecs-isp@2rosenthals.com> said:
Hi Massimo,
but anyway doing this kind of tests on a production server is an issue
since i've to do it late in the night
I understand.
and i've another problem too (this one since years ago)
reloading the rules don't show the issue
you have to restart the fw
if i restart the fw injoy do not work anymore even with a working rules
set all packets ends into SYN_SENT state and i've to reboot the server
(setboot /b)
As with your "large ruleset" problem, we have never encountered this one
either. Dan runs ijfw on 6 or 7 OS/2 instances with differing application
mixes. The ijfw security levels vary. Most run 5 or 6, which is a fair
set of rules and we also have a number of Observe rules to keep the
annoying password guesses away.
I can't recall a valid set of rules failing to reload either when using
the GUI or with the sync command.
Every now and then ijfw constructs a bogus blacklist rule which stops all
packet transfers. However, since this is a known issue, it does not take
us long to think to delete the blacklist file and sync the firewall. This
does not occur often. I dimly recall the last occurance was something
like 6 months ago.
this is surely not my issue since
blacklst.cnf 1.406 24/10/19
is dated 2019
anyway good to know
thanks
massimo
When you have more data to review on this issue, let us know.
i simply don't know how to take out more data or details
when a software has an issue there are diagnostic tools
but we don't have diagnostic tools for IFW
massimo
Steven
|