[Shorewall-newbies] UDP replies not dropped

Ingo Lantschner ingo.lists at vum.at
Tue Jan 6 16:43:48 PST 2004

Hi all,

just wondered about the following:

20:35:05.854626 > NBT UDP \
20:35:05.854884 > icmp: udp \
port netbios-ns unreachable [tos 0xc0]

because I have the following policy:

#SOURCE         DEST            POLICY

loc             net             ACCEPT
fw              net             ACCEPT
net             all             DROP            info
all             all             REJECT          info

and nothing about netbios-ns or 135 in the policy-file.

To my understanding, the fw should NOT answer the UDP packet.

I thought it is because UDP is connectionless, and so the FW cannot
check whether it is part of an ongoing communication??

The problem I have is that such traffic makes the "idle 60" option in my
/etc/ppp/options useless, because there is always such a request within 60
seconds. So the modem never hangs up.

Regards, Ingo.