Mailinglist Archive: opensuse-security (670 mails)

Limit Squid Port Range
  • From: d_lord@xxxxxx
  • Date: Tue, 13 Nov 2001 00:39:26 +0100 (MET)
  • Message-id: <8442.1005608366@xxxxxxxxxxxxx>
Hi list,

maybe my question is a bit stupid but I can't find
a useful answer myself (usual way FAQ, google....).
So let's have a look if YOU know more about this *gg*.

I have set up an ipchains script. Default deny all.
I don't want squid to go through the whole port range
1024-65355 but limit the use on ports from 1024:3120
I've tried different ACLs and none of them worked for me.
Now I think there should be another option but I just
can't find it :-(

My squid is Version 2.4
ipchains Version 1.3.10

Output Rule:
ipchains -A output -i $EXT -p tcp -s $EXTIP 1024:3120 --dport 80 -j ACCEPT

All works fine till squid tries to use port 3121 :-(

Now I get those ugly messages in /var/log/messages
..kernel: Packet log: output DENY eth0 Proto=6 IP1:Port>3120 IP2:80....

init 1 and back is the only option I know to get rid of this
without opening the firewall.

I would be glad if you know a fix for this problem


D. Lord
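
A log-triage sketch for the situation described in the post, added here as an example and not part of the original message: it separates output-chain DENY entries caused by a source port outside 1024:3120 from entries denied for some other reason. The log lines, addresses and host name are constructed, and the entry layout beyond the fragment quoted in the post is an assumption.

```python
import re
from collections import Counter

# Source ports the post's output rule accepts (-s $EXTIP 1024:3120), dest port 80.
ALLOWED_SPORTS = range(1024, 3121)
DPORT = 80

# Shape of an ipchains log entry; case-insensitive because the post writes "Proto=6".
ENTRY = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<verdict>\S+) (?P<iface>\S+) proto=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)",
    re.IGNORECASE,
)

# Constructed sample lines (documentation addresses, hypothetical host "gw").
SAMPLE_LOG = """\
Nov 13 00:31:02 gw kernel: Packet log: output DENY eth0 PROTO=6 192.0.2.10:3121 198.51.100.7:80 L=60 S=0x00 I=4211 F=0x4000 T=64 SYN (#5)
Nov 13 00:31:05 gw kernel: Packet log: output DENY eth0 PROTO=6 192.0.2.10:3121 198.51.100.7:80 L=60 S=0x00 I=4212 F=0x4000 T=64 SYN (#5)
Nov 13 00:31:09 gw kernel: Packet log: output DENY eth0 PROTO=6 192.0.2.10:3122 203.0.113.5:80 L=60 S=0x00 I=4213 F=0x4000 T=64 SYN (#5)
Nov 13 00:32:40 gw kernel: Packet log: output DENY eth0 PROTO=6 192.0.2.10:2200 203.0.113.5:8080 L=60 S=0x00 I=4250 F=0x4000 T=64 SYN (#5)
Nov 13 00:33:11 gw kernel: Packet log: input DENY eth0 PROTO=17 203.0.113.9:53 192.0.2.10:4000 L=80 S=0x00 I=99 F=0x0000 T=50 (#7)
Nov 13 00:34:00 gw squid[412]: storeDirWriteCleanLogs: Starting...
"""

def classify(lines):
    """Split output-chain TCP DENY entries by why the post's rule did not match."""
    sport_miss = Counter()   # dest port 80, but source port outside 1024:3120
    other = []               # denied for a reason unrelated to the source-port range
    for line in lines:
        m = ENTRY.search(line)
        if not m or m["chain"] != "output" or m["verdict"] != "DENY" or m["proto"] != "6":
            continue
        sport, dport = int(m["sport"]), int(m["dport"])
        if dport == DPORT and sport not in ALLOWED_SPORTS:
            sport_miss[sport] += 1
        else:
            other.append((sport, m["dst"], dport))
    return sport_miss, other

if __name__ == "__main__":
    misses, other = classify(SAMPLE_LOG.splitlines())
    for sport, n in sorted(misses.items()):
        print(f"source port {sport}: {n} denied packet(s) to port {DPORT}")
    print("denied for other reasons:", other)
```

Entries that land in the second list were dropped even though the source-port range was not the cause, so they point at a different rule gap than the one the post describes.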
