[Shorewall-newbies] Shorewall 1.4.9 + Reject/Drop/Stealth
Ow Mun Heng
ow.mun.heng at wdc.com
Tue Jan 27 15:07:10 PST 2004
> -----Original Message-----
> From: Tom Eastep [mailto:teastep at shorewall.net]
> Sent: Wednesday, January 14, 2004 5:52 AM
Shorewall version 1.4.7
RH9 + Kernel 2.4.24
Quoting from the release notes
2) To cut down on the number of "Why are these ports closed rather than
stealthed?" questions, the SMB-related rules in
/etc/shorewall/common.def have been changed from 'reject' to 'DROP'.
So.. does this mean that now, when I audit/scan my PC's firewall rules
from places like auditmypc.com etc., I won't get the <CLOSED> status? And
then have them tell me that my ports are actually responding and that
is not a good way to go??
I tried changing the all2all from REJECT to DROP and re-running it, but
still get the warning.
Challenge my understanding (or lack of).. Please.
6) The default value for NEWNOTSYN in shorewall.conf is now "Yes"
(non-syn TCP packets that are not part of an existing connection are
filtered according to the rules and policies rather than being
dropped). I have made this change for two reasons:
a) NEWNOTSYN=No tends to result in lots of "stuck" connections since
any timeout during TCP session tear down results in the firewall
dropping all of the retries.
b) The old default of NEWNOTSYN=No and LOGNEWNOTSYN=info resulted in
lots of confusing messages when a connection got "stuck". While I
could have changed the default value of LOGNEWNOTSYN to suppress
logging, I dislike defaults that silently throw away packets.
During my web-surfing sessions, I tend to see a few of these newnotsyn
and I'm wondering if this is cos the webserver's actually just pinging
(some are ICMP packets) my box due to item 6(a).
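As an added illustration of release-note item 6 (not Shorewall's own code, and not part of the original post), here is a small model of how a non-SYN TCP packet is treated with NEWNOTSYN=No versus NEWNOTSYN=Yes once its connection-tracking entry has expired; the timeout value, addresses and packet times are constructed for the example.

```python
from dataclasses import dataclass

# Assumed tracking timeout in seconds (constructed for the example; the real
# netfilter conntrack timers are longer and state-dependent).
CONNTRACK_TIMEOUT = 120

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # e.g. {"SYN"}, {"ACK"}, {"FIN", "ACK"}
    t: float          # arrival time in seconds

class Firewall:
    """Toy model of the NEWNOTSYN decision: conntrack is a dict of 4-tuples."""
    def __init__(self, newnotsyn: bool):
        self.newnotsyn = newnotsyn
        self.conntrack = {}  # (src, sport, dst, dport) -> last-seen time

    def _tracked(self, p):
        key = (p.src, p.sport, p.dst, p.dport)
        last = self.conntrack.get(key)
        if last is None:
            return False
        if p.t - last > CONNTRACK_TIMEOUT:
            del self.conntrack[key]  # idle entry expired, state is lost
            return False
        self.conntrack[key] = p.t
        return True

    def handle(self, p, rules_allow=True):
        if self._tracked(p):
            return "ACCEPT:established"
        if "SYN" in p.flags and "ACK" not in p.flags:
            if rules_allow:  # a real SYN opens a new tracked connection
                self.conntrack[(p.src, p.sport, p.dst, p.dport)] = p.t
            return ("ACCEPT" if rules_allow else "DROP") + ":new"
        # Non-SYN packet with no tracked connection: the NEWNOTSYN case.
        if not self.newnotsyn:
            return "DROP:newnotsyn"  # NEWNOTSYN=No: silently dropped
        return ("ACCEPT" if rules_allow else "DROP") + ":newnotsyn-via-rules"

def stuck_connection_demo(newnotsyn: bool):
    """Item 6(a): SYN, some data, then a FIN retry long after the entry expired."""
    fw = Firewall(newnotsyn)
    base = ("10.0.0.2", 40000, "192.0.2.10", 80)  # constructed addresses
    pkts = [Packet(*base, frozenset({"SYN"}), 0.0),
            Packet(*base, frozenset({"ACK"}), 10.0),
            Packet(*base, frozenset({"FIN", "ACK"}), 200.0)]
    return [fw.handle(p) for p in pkts]
```

With NEWNOTSYN=No the late FIN is dropped and the peer keeps retrying (the "stuck" connection); with NEWNOTSYN=Yes the same packet is instead judged by the rules and policies.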