> After 16 days of uptime (a new record) monowall went down. The device was
> rebooted but went down again a couple of hours later.
> It seems that denying ICMP data does prolong the uptime of monowall, but
> apparently it's not enough.
> My next steps are:
> 1) Deny fragmented packages in general
> 2) Move management to HTTPS
Mine is set for https access only - this is standard for my setups.
> 3) Install an I-BOOT device (http://www.dataprobe.com/power/iboot.html)
> 4) Find out if anyone returned from vacation and if so - find out which
> hardware rejoined the setup.
> I have a couple of questions for the list:
> 1) Is there *ANY* way that mini_httpd can crash the entire box?
> 2) If you have a device that locks up: Are you allowing management from
I do not allow management from the WAN - but I do from all other interfaces.
> 3) If you have a device that locks up: Are you allowing any type of
> fragmented data?
In the Advanced tab I do have "Allow fragmented IPsec packets" checked.
> 4) Anyone getting closer to a solution?
I am at 6 days uptime (added an interface and had to reboot last week). I
am setting up a box to capture all packets on the WAN and LAN interfaces to
reference that to the lockups (try anyway). I hope to find time to get that
gear in place this week.