Bug #4770
closed
Packet Filter Reject IPSEC packets
Added by Nei Ka over 9 years ago.
Updated almost 9 years ago.
Description
Periodically the firewall starts firewalling traffic coming through one or more IPSEC tunnels. Doing "Filter Reload" or restarting IPSEC sometimes works. Otherwise the firewall needs a reboot.
This only started occurring after upgrade from 2.1.x to 2.2.x
- Status changed from New to Feedback
What's the rule that's blocking it? Click the red X.
I doubt this is a bug; probably something like Snort enabled with auto-blocking and triggering something there.
@5(1000000103) block drop in log inet all label "Default deny rule IPv4"
We aren't running anything clever like Snort. And we obviously haven't changed the firewall rules. See attached for the current rules. The greyed-out rule was added previously when this problem occurred.
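As an added example (not from the bug report or from pfSense itself), a small Python script that does over text what the GUI's red X does: it parses rule lines in the `@num(tracker) action ... label "..."` format quoted above, resolves a tracker id from a block log entry to its rule, and flags the catch-all default deny. Every rule in the sample other than the one quoted in the thread is constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Rule header in the form quoted in the thread, following pf's keyword order:
# action [drop|return] in|out [log] [quick] [on iface] inet|inet6 <match> label "..."
_RULE_RE = re.compile(
    r'^@(?P<num>\d+)\((?P<tracker>\d+)\)\s+(?P<action>block|pass)'
    r'(?:\s+(?:drop|return))?\s+(?P<direction>in|out)(?:\s+log)?(?:\s+quick)?'
    r'(?:\s+on\s+(?P<iface>\S+))?\s+(?P<af>inet6?)\s+(?P<match>.*?)'
    r'\s+label\s+"(?P<label>[^"]*)"\s*$'
)

# Constructed sample; only the "Default deny rule IPv4" line is from the thread.
SAMPLE_RULES = """\
@4(1000000101) pass in quick on enc0 inet from 10.0.1.0/24 to 10.0.2.0/24 flags S/SA keep state label "constructed: IPsec tunnel rule"
@5(1000000103) block drop in log inet all label "Default deny rule IPv4"
@6(1000000104) block drop in log inet6 all label "constructed: Default deny rule IPv6"
"""

@dataclass
class PfRule:
    num: int
    tracker: int       # pfSense tracker id, the number the firewall log reports
    action: str
    direction: str
    iface: Optional[str]
    af: str
    match: str
    label: str

def parse_rules(text: str) -> List[PfRule]:
    """Parse rule header lines; anything that does not match the header form is skipped."""
    rules = []
    for line in text.splitlines():
        m = _RULE_RE.match(line.strip())
        if m:
            rules.append(PfRule(int(m["num"]), int(m["tracker"]), m["action"],
                                m["direction"], m["iface"], m["af"], m["match"], m["label"]))
    return rules

def rule_for_tracker(rules: List[PfRule], tracker: int) -> Optional[PfRule]:
    """The 'red X' lookup: map a tracker id from a log entry to the rule that fired."""
    return next((r for r in rules if r.tracker == tracker), None)

def is_catch_all_deny(rule: PfRule) -> bool:
    """True for an interface-less 'block ... all', i.e. a default deny rather than a user rule."""
    return rule.action == "block" and rule.iface is None and rule.match == "all"
```

A hit on the catch-all deny for traffic that should have matched the tunnel rule means no earlier rule accepted it, which is the condition the thread is chasing.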
Can you also describe your tunnel configuration here?
How much detail do you want? I'd rather not leak all our info onto the net.
Just what algorithms and what version of ipsec you are using.
Preferably send me /var/etc/ipsec/ipsec.conf and /tmp/rules.debug to eri@
- Category set to Rules / NAT
Nei: is this something you can still replicate on latest version?
I haven't heard of any such issues from anyone else, but would like to take a look at your system if you're still having an issue on 2.2.6 or 2.3.
We are on 2.2.6 all round now and don't seem to be having this issue any more.
- Status changed from Feedback to Resolved