SuSEFirewall 2 / SuSE 8.1 accepting packets it should not
Hi List,

checking my logs today I found that my firewall accepts some (not all!) packets to TCP high ports, although I thought I had them all closed. The firewall script is the latest update for 8.1, the system is SuSE 8.1 with all current patches installed. Any ideas?

Here is my firewall configuration:

FW_DEV_EXT="ppp0 ippp0"
FW_DEV_INT="eth0 ippp1"
FW_DEV_DMZ=""
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="192.168.0.0/16"
FW_PROTECT_FROM_INTERNAL="no"
FW_AUTOPROTECT_SERVICES="yes"
FW_SERVICES_EXT_TCP=""
FW_SERVICES_EXT_UDP="" # Common: domain
FW_SERVICES_EXT_IP=""
FW_SERVICES_DMZ_TCP=""
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_DMZ_IP=""
FW_SERVICES_INT_TCP=""
FW_SERVICES_INT_UDP=""
FW_SERVICES_INT_IP=""
FW_TRUSTED_NETS=""
FW_ALLOW_INCOMING_HIGHPORTS_TCP="no" # <<<<< !!!!!
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
FW_SERVICE_AUTODETECT="yes" # Autodetect the services below when starting
FW_SERVICE_DNS="yes"
FW_SERVICE_DHCLIENT="yes"
FW_SERVICE_DHCPD="yes"
FW_SERVICE_SQUID="no"
FW_SERVICE_SAMBA="yes"
FW_FORWARD="" # Beware to use this!
FW_FORWARD_MASQ="" # Beware to use this!
FW_REDIRECT=""
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_KERNEL_SECURITY="yes"
FW_STOP_KEEP_ROUTING_STATE="yes"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_PING_EXT="yes"
FW_ALLOW_FW_TRACEROUTE="yes"
FW_ALLOW_FW_SOURCEQUENCH="yes"
FW_ALLOW_FW_BROADCAST="yes"
FW_IGNORE_FW_BROADCAST="no"
FW_ALLOW_CLASS_ROUTING="yes"
FW_QUICKMODE="no"
FW_SERVICES_QUICK_TCP=""
FW_SERVICES_QUICK_UDP=""
FW_SERVICES_QUICK_IP=""
FW_CUSTOMRULES=""
FW_REJECT="no"

Here is an excerpt from the logs:

Oct 23 19:58:03 akira kernel: SuSE-FW-ACCEPT IN=ppp0 OUT= MAC= SRC=217.82.120.186 DST=80.134.29.51 LEN=64 TOS=0x00 PREC=0x00 TTL=124 ID=63058 DF PROTO=TCP SPT=3822 DPT=4662 WINDOW=44032 RES=0x00 SYN URGP=0 OPT (020405AC010303030101080A000000000000000001010402)
Oct 23 19:58:03 akira kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC= SRC=217.82.120.186 DST=80.134.29.51 LEN=64 TOS=0x00 PREC=0x00 TTL=124 ID=63058 DF PROTO=TCP SPT=3822 DPT=4662 WINDOW=44032 RES=0x00 SYN URGP=0 OPT (020405AC010303030101080A000000000000000001010402)
Oct 23 19:58:05 akira kernel: SuSE-FW-ACCEPT IN=ppp0 OUT= MAC= SRC=217.82.120.186 DST=80.134.29.51 LEN=64 TOS=0x00 PREC=0x00 TTL=124 ID=63258 DF PROTO=TCP SPT=3822 DPT=4662 WINDOW=44032 RES=0x00 SYN URGP=0 OPT (020405AC010303030101080A000000000000000001010402)
Oct 23 19:58:05 akira kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC= SRC=217.82.120.186 DST=80.134.29.51 LEN=64 TOS=0x00 PREC=0x00 TTL=124 ID=63258 DF PROTO=TCP SPT=3822 DPT=4662 WINDOW=44032 RES=0x00 SYN URGP=0 OPT (020405AC010303030101080A000000000000000001010402)
Oct 23 19:58:11 akira kernel: SuSE-FW-ACCEPT IN=ppp0 OUT= MAC= SRC=217.0.221.1 DST=80.134.29.51 LEN=52 TOS=0x00 PREC=0x00 TTL=124 ID=48006 DF PROTO=TCP SPT=4351 DPT=4662 WINDOW=32767 RES=0x00 SYN URGP=0 OPT (020405AC0103030001010402)
Oct 23 19:58:11 akira kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC= SRC=217.0.221.1 DST=80.134.29.51 LEN=52 TOS=0x00 PREC=0x00 TTL=124 ID=48006 DF PROTO=TCP SPT=4351 DPT=4662 WINDOW=32767 RES=0x00 SYN URGP=0 OPT (020405AC0103030001010402)

Bye,
Jürgen
participants (1)
-
Juergen.Mell@t-online.de
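
In the log excerpt above, every SuSE-FW-ACCEPT entry is followed by a SuSE-FW-DROP-DEFAULT entry with the same SRC, SPT, DPT and ID. The following Python sketch is an added example, not part of the original post: it groups firewall log entries per packet so that an ACCEPT entry is read together with any DROP entry for the same packet. The function names are hypothetical, the first four sample lines come from the excerpt with the OPT field left out, and the last line is constructed.

```python
import re
from collections import defaultdict

# First four lines: from the excerpt above, OPT field left out.
# Last line: constructed for contrast (documentation addresses).
SAMPLE = """\
Oct 23 19:58:03 akira kernel: SuSE-FW-ACCEPT IN=ppp0 OUT= MAC= SRC=217.82.120.186 DST=80.134.29.51 LEN=64 TOS=0x00 PREC=0x00 TTL=124 ID=63058 DF PROTO=TCP SPT=3822 DPT=4662 WINDOW=44032 RES=0x00 SYN URGP=0
Oct 23 19:58:03 akira kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC= SRC=217.82.120.186 DST=80.134.29.51 LEN=64 TOS=0x00 PREC=0x00 TTL=124 ID=63058 DF PROTO=TCP SPT=3822 DPT=4662 WINDOW=44032 RES=0x00 SYN URGP=0
Oct 23 19:58:11 akira kernel: SuSE-FW-ACCEPT IN=ppp0 OUT= MAC= SRC=217.0.221.1 DST=80.134.29.51 LEN=52 TOS=0x00 PREC=0x00 TTL=124 ID=48006 DF PROTO=TCP SPT=4351 DPT=4662 WINDOW=32767 RES=0x00 SYN URGP=0
Oct 23 19:58:11 akira kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC= SRC=217.0.221.1 DST=80.134.29.51 LEN=52 TOS=0x00 PREC=0x00 TTL=124 ID=48006 DF PROTO=TCP SPT=4351 DPT=4662 WINDOW=32767 RES=0x00 SYN URGP=0
Oct 23 19:58:20 akira kernel: SuSE-FW-ACCEPT IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=60 ID=1234 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
"""

PREFIX = re.compile(r"kernel: (SuSE-FW-[A-Z-]+)")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
# The IP ID is only 16 bits wide, so this key is unique only for entries
# that are close together in time (assumption: a short log window).
KEY = ("IN", "SRC", "DST", "PROTO", "SPT", "DPT", "ID")

def parse(line):
    """Return (log prefix, packet key), or None for non-firewall lines."""
    m = PREFIX.search(line)
    if not m:
        return None
    fields = dict(FIELD.findall(line[m.end():]))
    return m.group(1), tuple(fields.get(k, "") for k in KEY)

def correlate(text):
    """Map each packet key to the ordered list of prefixes that logged it."""
    seen = defaultdict(list)
    for line in text.splitlines():
        parsed = parse(line)
        if parsed:
            seen[parsed[1]].append(parsed[0])
    return dict(seen)

def accepted_without_drop(text):
    """Packets with an ACCEPT entry and no DROP entry for the same key."""
    return [key for key, prefixes in correlate(text).items()
            if any(p.startswith("SuSE-FW-ACCEPT") for p in prefixes)
            and not any(p.startswith("SuSE-FW-DROP") for p in prefixes)]

if __name__ == "__main__":
    for key, prefixes in correlate(SAMPLE).items():
        print(dict(zip(KEY, key)), "->", " then ".join(prefixes))
    print("ACCEPT with no matching DROP:", accepted_without_drop(SAMPLE))
```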