bad_tcp_packets question

To: debian-firewall@lists.debian.org
Subject: bad_tcp_packets question
From: "Remy C. Cool" <dev-python@smartology.nl>
Date: Tue, 15 Jul 2003 14:05:34 +0200
Message-id: <[🔎] 200307151405.34149.dev-python@smartology.nl>
Reply-to: dev-python@smartology.nl

Hello,

In the example from Oskar Andreasson's tutorial, the bad_tcp_packets 
rules filter out NEW packets which have no SYN flag set.

$IPTABLES -N bad_tcp_packets
$IPTABLES -A bad_tcp_packets -p tcp --tcp-flags SYN,ACK SYN,ACK -m 
state --state NEW -j REJECT --reject-with tcp-reset

When I use i.e. Kazaa from a desktop with socks5, the firewall created 
a lot of log messages concerning new-not-syn packets. After a bit of 
experimenting I could bring back 90% of these messages using the 
following rule inserted at the top of bad_tcp_packets:

$IPTABLES -A bad_tcp_packets -p tcp -m state --state ESTABLISHED, 
RELATED -j RETURN

The packets get handled by the rules for socks (danted) and if not get 
logged and then dropped. 

My question now is, does this rule geopardize the safety of this 
firewall box ... I don't think it could or should but it couldn't 
hurt to ask some expert opinions.

Regards,
Remy Cool

Reply to:

Prev by Date: unsubscribe
Next by Date: Re: LRP scripting
Previous by thread: Re:
Next by thread: Multiport NIC's - Recommendations?
Index(es):
- Date
- Thread