[Shorewall-newbies] UDP replys not dropped
larryp at inow.com
Wed Jan 7 10:03:38 PST 2004
On Wed, 7 Jan 2004, Ingo Lantschner wrote:
> Date: Wed, 7 Jan 2004 18:30:46 +0100 (CET)
> From: Ingo Lantschner <ingo.lists at vum.at>
> Reply-To: ingo at vum.at
> To: shorewall-newbies at lists.shorewall.net
> Subject: Re: [Shorewall-newbies] UDP replys not dropped
> > a) cd /etc/shorewall
> > b) cp common.def common
> > c) <edit 'common' and replace the REJECT to DROP for UDP 137:139>
> > d) shorewall restart
> Hi Tom, first of all thanks for your answer! Following your proposal I
> still got this from tcpdump -i ppp0
> 16:53:55.240375 220.127.116.11.2637 > 18.104.22.168.135: S
> 16:53:55.240601 22.214.171.124.135 > 126.96.36.199.2637: R
> 16:55:59.210377 188.8.131.52.1104 > 184.108.40.206.microsoft-ds: S
> 16:55:59.210632 220.127.116.11.microsoft-ds > 18.104.22.168.1104: R
> After a while I realized that these were *TCP* requests, which are
> rejected by a rule in common. Changing common:
> run_iptables -A common -p udp --dport 135 -j DROP
> run_iptables -A common -p udp --dport 137:139 -j DROP
> run_iptables -A common -p udp --dport 445 -j DROP
> run_iptables -A common -p tcp --dport 139 -j DROP
> run_iptables -A common -p tcp --dport 445 -j DROP
> run_iptables -A common -p tcp --dport 135 -j DROP
> Now it seems as if I have peace from this NetBIOS chatter :-)
> But I also have this one every minute:
> 16:56:08.890368 22.214.171.124 > 126.96.36.199: igmp query v2 [ttl 1]
> So the idle option of pppd never works.
> Maybe I am asking too much from a firewall, if I want it to protect
> my dialup connection from any packet from the outside ...
> Besides this, Shorewall is an exceptionally useful tool, and the
> documentation is a dream! Since it is also available in French, we will
> use it soon in a BnB project in Congo, very helpful for us - thanks!
> Bye, Ingo.
Idle will work when also used with "active-filter 'outbound'",
but your pppd and kernel have to be compiled to support it.
I use Bering-uclibc version 2.0 for firewalling and doing the dialing;
this can be found at the http://leaf.sf.net project.
My ISP sends such traffic every 30 seconds.
Larry Platzek larryp at inow.com
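An added example for readers following this thread (not code from Ingo, Larry or the Shorewall project): a small POSIX shell script that classifies tcpdump -i ppp0 lines in the old one-line format quoted above, so you can tell which outbound packets are only REJECT replies to unsolicited probes (TCP RST, or ICMP port unreachable for UDP) and which are the ISP's IGMP queries. Both kinds keep a pppd idle timer from expiring, and the thread gives a different fix for each: DROP instead of REJECT in the Shorewall common file for the former, active-filter 'outbound' in pppd for the latter. The capture, the local address 10.0.0.2, the peer 10.0.0.1 and the probing host 203.0.113.9 are constructed sample values; the ICMP unreachable line follows the same tcpdump format as an assumption. The drop_rules_for_replies function emits the same run_iptables DROP lines as Ingo's edited common file for every local port that answered a probe.

```shell
#!/bin/sh
# Added example, not from the thread. Classifies old-style tcpdump output
# (TIME SRC.PORT > DST.PORT: FLAGS ...) captured on the dialup interface.

# Local ppp0 address: constructed placeholder, override via environment.
LOCAL_IP="${LOCAL_IP:-10.0.0.2}"

# Constructed sample capture in the format quoted in the thread.
# 10.0.0.2 is the firewall, 10.0.0.1 the ISP-side peer, 203.0.113.9 a prober.
SAMPLE_CAPTURE='16:53:55.240375 203.0.113.9.2637 > 10.0.0.2.135: S
16:53:55.240601 10.0.0.2.135 > 203.0.113.9.2637: R
16:55:59.210377 203.0.113.9.1104 > 10.0.0.2.microsoft-ds: S
16:55:59.210632 10.0.0.2.microsoft-ds > 203.0.113.9.1104: R
16:56:03.100000 203.0.113.9.1030 > 10.0.0.2.netbios-ns: udp 50
16:56:03.100200 10.0.0.2 > 203.0.113.9: icmp: 10.0.0.2 udp port netbios-ns unreachable
16:56:08.890368 10.0.0.1 > 10.0.0.2: igmp query v2 [ttl 1]
16:57:01.000000 10.0.0.2.40112 > 198.51.100.5.80: S'

# classify_capture: reads capture lines on stdin, prints one line per packet:
#   <class> <proto> <port> <src-host> <dst-host>
# Classes: reject-reply (RST or ICMP unreachable sent by our REJECT rules),
# outbound-user (real outbound traffic), peer-igmp (ISP's IGMP queries),
# inbound-probe (unsolicited SYN/UDP), inbound-other.
classify_capture() {
  awk -v me="$LOCAL_IP" '
  # Host part of "a.b.c.d" or "a.b.c.d.port" (trailing ":" already removed).
  function hostof(tok,   n, a) {
    n = split(tok, a, ".")
    return a[1] "." a[2] "." a[3] "." a[4]
  }
  # Port/service part, or "-" when the token carries no port.
  function portof(tok,   n, a) {
    n = split(tok, a, ".")
    return (n >= 5) ? a[5] : "-"
  }
  NF >= 5 {
    d = $4; sub(/:$/, "", d)              # strip the ":" after the destination
    src = hostof($2); dst = hostof(d)
    flag = $5
    proto = "tcp"; port = portof(d)       # default view: TCP to destination port
    if (src == me && flag == "R") {
      cls = "reject-reply"; port = portof($2)          # RST from our service port
    } else if (src == me && flag == "icmp:" && $10 == "unreachable") {
      cls = "reject-reply"; proto = $7; port = $9      # ICMP port unreachable
    } else if (src == me) {
      cls = "outbound-user"
    } else if (flag == "igmp") {
      cls = "peer-igmp"; proto = "igmp"; port = "-"
    } else if (flag == "S") {
      cls = "inbound-probe"
    } else if (flag == "udp") {
      cls = "inbound-probe"; proto = "udp"
    } else {
      cls = "inbound-other"
    }
    print cls, proto, port, src, dst
  }'
}

# count_class <class>: number of packets of that class in the capture on stdin.
count_class() {
  classify_capture | awk -v want="$1" '$1 == want { n++ } END { print n + 0 }'
}

# drop_rules_for_replies: emit the Shorewall "common" lines (the DROP form from
# the thread) for every local port that answered a probe in the capture on stdin.
drop_rules_for_replies() {
  classify_capture | awk '$1 == "reject-reply" { print $2, $3 }' | LC_ALL=C sort -u |
  while read -r proto port; do
    printf 'run_iptables -A common -p %s --dport %s -j DROP\n' "$proto" "$port"
  done
}

# Demo on the constructed capture: full classification, then the DROP rules.
printf '%s\n' "$SAMPLE_CAPTURE" | classify_capture
echo '--- suggested common-file lines ---'
printf '%s\n' "$SAMPLE_CAPTURE" | drop_rules_for_replies
```

Run it with the real capture on stdin (tcpdump -i ppp0 -n > cap.txt, then printf or cat the file into classify_capture) with LOCAL_IP set to the address pppd assigned. Anything reported as reject-reply disappears once the matching ports are DROPped in common; peer-igmp packets are inbound and are exactly what active-filter 'outbound' tells pppd to ignore for the idle timer. Service names such as microsoft-ds are left as tcpdump printed them, since iptables resolves them through /etc/services.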