[Shorewall-users] Re: Shorewall-users Digest, Vol 13, Issue 9

Francesca C Smith fsmith at ladylinux.com
Wed Dec 3 11:58:08 PST 2003


You are over engineering your firewall rules .. Real does not need to 
connect to your client machine ..

It tries to do that idiotic pop-up .. You can drop the 6970,6971 requests

I personally do the reverse .. on out bound that is .. I block all the 
nasty ports .. and allow the rest ..

This serves a Baltimore Row House with 4 wireless clients off one ADSL 

No one has complained yet about anything related to using the Internet and 
they are protected from it .. And themselves ..

My Rules ... Including DMZ Rules ..


# No Logging Bogus In-Bound Real
DROP            net             loc             udp     6970:7170
#MicroCrap Ports
DROP            loc             net             tcp 
DROP            loc             dmz             udp 
DROP            loc             dmz             tcp 
DROP            loc             net             udp 

Note: The DROP rule suppresses the logging of the real pop up requests .


At 11:28 AM 12/3/2003, you wrote:
>Dec  3 15:09:06 Router kernel: Shorewall:net2wlan:DROP:IN=ppp0 OUT=wlan0
>SRC= DST= LEN=520 TOS=0x00 PREC=0x00 TTL=53
>PROTO=UDP SPT=1339 DPT=6790 LEN=500
>Whats my mistake now ?

"No Problems Only Solutions"
Francesca C. Smith
Lady Linux Internet Services
fsmith at ladylinux.com

More information about the Shorewall-users mailing list