[Shorewall-users] Shore 1.3.7c/ ipt_unclean messages

Tom Eastep teastep at shorewall.net
Thu, 19 Sep 2002 08:06:37 -0700


This is a cryptographically signed message in MIME format.

--------------ms010501080606020801090202
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Jonathan Day wrote:
> Hello;
> 
> I am having a problem with ipt_unclean packets; There are loads of em!! and
> wondered if anyone else has had this problem; and if there is a solution.
> This did not happen with earlier versions of Shorewall (pre 1.3.4).

That's remarkable given that it is the kernel that decides what is unclean 
and not Shorewall.

> 
> Im using shorewall between my SuSE7.2 Linux Server acting as firewall/ proxy
> server for my local network.  It is connected to the internet via ISDN.
> 
> My set-up is SuSE7.2 ( all latest patches as of today ) and Shorewall
> 1.3.7c; My Kernel is version 2.4.16-4GB (dates 16th April) from SuSE updates
> site.
> 

And did you recently upgrade your kernel?

> The messages in syslog are as follows:-
> 
> Sep 19 15:42:54 suse72 kernel: ipt_unclean: TCP flags bad: 4
> Sep 19 15:42:54 suse72 kernel: Shorewall:logpkt:LOG:IN=ppp0 OUT= MAC=
> SRC=65.54.249.190 DST=XXX.XXX.XXX.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=49
> ID=49128 DF PROTO=TCP SPT=80 DPT=33263 WINDOW=0 RES=0x00 RST URGP=0
> 

Ah -- Windoze update; why am I not surprised?

My suggestion is to either:

a) Turn off 'logunclean' on ppp0 (I only turn it on if I'm troubleshooting 
a connection problem); or
b) Set LOGUNCLEAN=debug so that the messages will only be routed to 
debugging syslog destinations.

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net

--------------ms010501080606020801090202
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJVDCC
AwgwggJxoAMCAQICAwhOLTANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCWkExFTATBgNV
BAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMQ8wDQYDVQQKEwZUaGF3dGUx
HTAbBgNVBAsTFENlcnRpZmljYXRlIFNlcnZpY2VzMSgwJgYDVQQDEx9QZXJzb25hbCBGcmVl
bWFpbCBSU0EgMjAwMC44LjMwMB4XDTAyMDkxODIxMTQxN1oXDTAzMDkxODIxMTQxN1owRzEf
MB0GA1UEAxMWVGhhd3RlIEZyZWVtYWlsIE1lbWJlcjEkMCIGCSqGSIb3DQEJARYVdGVhc3Rl
cEBzaG9yZXdhbGwubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvdDPv/q5
adQCmEtbNtdWcsmF7qO5Eg5JkvI50WkiCkcv89KfsRA6tFGtsgIOsgU5l3wDQSzqEVX0MfIV
qpn7ycZJ6823cuvXXjBQwwpqVSlpJkHhpd1uCCLomkfPAxKdfBNAjh4E1ZgHuur7GAWc0iBd
2n9oJ9wBg8gDQP9ViYU4+x2z/7muvY4RuzL5eF+mtzx4UtSx9CFqu1n8uNIu44T4CXRZ8HwT
Hg2eC61x6E6XFV48Oid9t8qmKXjUGINJ3hbXwQmees3K/ZrGYZ+FPoOJyWn+PpvrNQrVvkp5
a7YblgaoLX1dS5QGgsl9XhRz6sqzvklAd7eh4g0JoWOD4QIDAQABozIwMDAgBgNVHREEGTAX
gRV0ZWFzdGVwQHNob3Jld2FsbC5uZXQwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQQFAAOB
gQDakl1XW6IrAL4ZG+WtwT5GqQLPnFgbHjo/s88xvvdQRRhgd//uW81hQUk5tHkBisJKgHcv
F1trxcylWylrSSLf2TANtw0M8kvW9clJe5xZieyshemLvEWHsC4mItPiId9dWaZQX90L9yZz
0qi8iTlmU5i8JPeiJJVwwmQJNI93LzCCAwgwggJxoAMCAQICAwhOLTANBgkqhkiG9w0BAQQF
ADCBkjELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2Fw
ZSBUb3duMQ8wDQYDVQQKEwZUaGF3dGUxHTAbBgNVBAsTFENlcnRpZmljYXRlIFNlcnZpY2Vz
MSgwJgYDVQQDEx9QZXJzb25hbCBGcmVlbWFpbCBSU0EgMjAwMC44LjMwMB4XDTAyMDkxODIx
MTQxN1oXDTAzMDkxODIxMTQxN1owRzEfMB0GA1UEAxMWVGhhd3RlIEZyZWVtYWlsIE1lbWJl
cjEkMCIGCSqGSIb3DQEJARYVdGVhc3RlcEBzaG9yZXdhbGwubmV0MIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAvdDPv/q5adQCmEtbNtdWcsmF7qO5Eg5JkvI50WkiCkcv89Kf
sRA6tFGtsgIOsgU5l3wDQSzqEVX0MfIVqpn7ycZJ6823cuvXXjBQwwpqVSlpJkHhpd1uCCLo
mkfPAxKdfBNAjh4E1ZgHuur7GAWc0iBd2n9oJ9wBg8gDQP9ViYU4+x2z/7muvY4RuzL5eF+m
tzx4UtSx9CFqu1n8uNIu44T4CXRZ8HwTHg2eC61x6E6XFV48Oid9t8qmKXjUGINJ3hbXwQme
es3K/ZrGYZ+FPoOJyWn+PpvrNQrVvkp5a7YblgaoLX1dS5QGgsl9XhRz6sqzvklAd7eh4g0J
oWOD4QIDAQABozIwMDAgBgNVHREEGTAXgRV0ZWFzdGVwQHNob3Jld2FsbC5uZXQwDAYDVR0T
AQH/BAIwADANBgkqhkiG9w0BAQQFAAOBgQDakl1XW6IrAL4ZG+WtwT5GqQLPnFgbHjo/s88x
vvdQRRhgd//uW81hQUk5tHkBisJKgHcvF1trxcylWylrSSLf2TANtw0M8kvW9clJe5xZieys
hemLvEWHsC4mItPiId9dWaZQX90L9yZz0qi8iTlmU5i8JPeiJJVwwmQJNI93LzCCAzgwggKh
oAMCAQICEGZFcrfMdPXPY3ZFhNAukQEwDQYJKoZIhvcNAQEEBQAwgdExCzAJBgNVBAYTAlpB
MRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEaMBgGA1UEChMR
VGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2
aXNpb24xJDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBDQTErMCkGCSqGSIb3
DQEJARYccGVyc29uYWwtZnJlZW1haWxAdGhhd3RlLmNvbTAeFw0wMDA4MzAwMDAwMDBaFw0w
NDA4MjcyMzU5NTlaMIGSMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIw
EAYDVQQHEwlDYXBlIFRvd24xDzANBgNVBAoTBlRoYXd0ZTEdMBsGA1UECxMUQ2VydGlmaWNh
dGUgU2VydmljZXMxKDAmBgNVBAMTH1BlcnNvbmFsIEZyZWVtYWlsIFJTQSAyMDAwLjguMzAw
gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN4zMqZjxwklRT7SbngnZ4HF2ogZgpcO40Qp
imM1Km1wPPrcrvfudG8wvDOQf/k0caCjbZjxw0+iZdsN+kvx1t1hpfmFzVWaNRqdknWoJ67Y
cvm6AvbXsJHeHOmr4BgDqHxDQlBRh4M88Dm0m1SKE4f/s5udSWYALQmJ7JRr6aFpAgMBAAGj
TjBMMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFQcml2YXRlTGFiZWwxLTI5NzASBgNVHRMB
Af8ECDAGAQH/AgEAMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQQFAAOBgQAxsUtHXfkBceX1
U2xdedY9mMAmE2KBIqcS+CKV6BtJtyd7BDm6/ObyJOuR+r3sDSo491BVqGz3Da1MG7wD9LXr
okefbKIMWI0xQgkRbLAaadErErJAXWr5edDqLiXdiuT82w0fnQLzWtvKPPZE6iZph39Ins6l
n+eE2MliYq0FxjGCAycwggMjAgEBMIGaMIGSMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2Vz
dGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xDzANBgNVBAoTBlRoYXd0ZTEdMBsGA1UE
CxMUQ2VydGlmaWNhdGUgU2VydmljZXMxKDAmBgNVBAMTH1BlcnNvbmFsIEZyZWVtYWlsIFJT
QSAyMDAwLjguMzACAwhOLTAJBgUrDgMCGgUAoIIBYTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcN
AQcBMBwGCSqGSIb3DQEJBTEPFw0wMjA5MTkxNTA2MzdaMCMGCSqGSIb3DQEJBDEWBBTVTwau
kiJXDZpnGtVH4NTW/k+KYTBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMHMA4GCCqGSIb3
DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDCBrQYLKoZI
hvcNAQkQAgsxgZ2ggZowgZIxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUx
EjAQBgNVBAcTCUNhcGUgVG93bjEPMA0GA1UEChMGVGhhd3RlMR0wGwYDVQQLExRDZXJ0aWZp
Y2F0ZSBTZXJ2aWNlczEoMCYGA1UEAxMfUGVyc29uYWwgRnJlZW1haWwgUlNBIDIwMDAuOC4z
MAIDCE4tMA0GCSqGSIb3DQEBAQUABIIBAIMYt8PrcMqA/tAcfNqv3N+yiP1JPmLSLv1hBZkM
miAAgFIMF7d1I3Znd55nhOLcjU+ZsdKrgRBAnvux5KnKgf3SF1foJkPg4n4mYLb5gXCpMIE1
hkVmoh5p66pu7Dj/T/FPkQ6fT1KQy2qcu+t1LaOoNTbgurAZDosI6CDMbfDRlna4X0o5yBCC
gMHL7GEZe5z42HXKUk9r2iUp0yVXRnag/0P/Csvyv+nm0TyqRGpxgCWuWB1hjZ7OUd8zv4qL
X0a1aof2mzDmVglJ+YIJwRN2F4eL881qRkqcJ/khvVh2lCAOI35UTmxMOV3vLRJol++XuWnE
v5P4glGsAtTitpAAAAAAAAA=
--------------ms010501080606020801090202--