Mailinglist Archive: opensuse-security (320 mails)

Bug in SuSEfirewall2 when blocking a range of ports with custom rules?
  • From: malte_gell@xxxxxxxxxxx (Malte Gell)
  • Date: Wed, 7 May 2003 20:05:57 +0200
  • Message-id: <200305072005.57434.malte_gell@xxxxxxxxxxx>
Hello,

I just blocked a range of ports via firewall2-custom.rc.config, just as
an example:

for target in DROP; do
    for chain in input_ext input_dmz input_int forward_int forward_ext forward_dmz; do
        iptables -A $chain -j $target -p tcp --dport 4000:6000
    done
done

The section used is fw_custom_before_port_handling. The iptables syntax
seems to be okay, but if I do this and connect to the ISP, SuSEfirewall2
seems to block every incoming connection, so the connections seem to be
"dead", though establishing the connection is okay.

When blocking a single port e.g. with

iptables -A $chain -j $target -p tcp --dport 4001

it works fine and no problems occur.

So, is there a known problem when blocking a whole range of ports with
the "X:Y" syntax of iptables and SuSEfirewall2? The version used is
SuSEfirewall2 2.1.

Thanx
Malte

