[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] SuSEFirewall 2 / SuSE 8.1 accepting packets it should not



-----BEGIN PGP SIGNED MESSAGE-----

Hi Jürgen!

> So I definitely want the firewall to drop ALL these packet, not only
> some of them (each second packet, as it seems...)

I'm not using SuSE 8.1, so can't really help you with your problem,
but now that you mention it:

Oct 23 19:58:03 akira kernel: SuSE-FW-ACCEPT IN=ppp0 OUT= MAC=
SRC=217.82.120.186 DST=80.134.29.51 LEN=64 TOS=0x00 PREC=0x00 TTL=124
ID=63058 DF PROTO=TCP SPT=3822 DPT=4662 WINDOW=44032 RES=0x00 SYN
URGP=0 OPT (020405AC010303030101080A000000000000000001010402)

Oct 23 19:58:03 akira kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC=
SRC=217.82.120.186 DST=80.134.29.51 LEN=64 TOS=0x00 PREC=0x00 TTL=124
ID=63058 DF PROTO=TCP SPT=3822 DPT=4662 WINDOW=44032 RES=0x00 SYN
URGP=0 OPT (020405AC010303030101080A000000000000000001010402)

The above looks to me like *one* packet, which only gets logged twice
(same ID).  Maybe the new SuSE-FW2 logs the packet first like it
*would* accept it, but passes it on further down the chain until it
is finally dropped by the default rule.  Could there be a bug in the
new firewall script?  Marc or anyone?

Regards, Andy

- --
Andreas J. Mueller                            email: <andy@xxxxxxxxxx>
PGP RSA Public Key ID 0x3D41D941 FP: ED261973D51D3D20 C840B0542E69F602
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (MingW32)

iQC9AwUBPbhHSfobN5o9QdlBAQHAiQU/ZI/AaeUbzejEU1Tlyr/qYXkcNj/RHqE5
Rf2a3bUM17zbrLhflRJcLANbmIaqnJuLUrt351/ftjjqMSSHjUP/ee//qoyY42ZJ
SVduTyzTwjV6oKoFTvUuMZMlKULkGxUgsasU33RQXfCDV9pkeYgeKTrhba2GWKea
fH7OXSoeZn2ZQpruqdQyA8zrQH8ucdE/7EJl6rvGXgtB6XBTVneVLU+N9I+6b2pg
=pcmw
-----END PGP SIGNATURE-----


-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here