Re: iptables and INVALID packet filtering.

To: debian-firewall@lists.debian.org
Cc: "debian-firewall@lists.debian.org" <debian-firewall@lists.debian.org>
Subject: Re: iptables and INVALID packet filtering.
From: Daniel Curtis <sidetripping@gmail.com>
Date: Fri, 5 Apr 2013 17:29:55 +0200
Message-id: <[🔎] CAASvXNsm_+mRaO2uoWsR0iwH4_2gSSLHZ14HRb_wy4uLhRDQ3Q@mail.gmail.com>
In-reply-to: <[🔎] 82506A86-4FCA-4F5A-A37A-7C89EEC4F050@AandRSecurity.com>
References: <[🔎] CAASvXNseOJy8__QFKFir=nUmCGZDR47vFFYkeToCO3=PYp7sCw@mail.gmail.com> <[🔎] 515E059E.4080508@plouf.fr.eu.org> <[🔎] B57F1D41-A448-439A-A912-EF921511C1CD@AandRSecurity.com> <[🔎] CAASvXNtqJbKpPXXwLtr-680exHBx7EyDreWBovHdEMFAFnWdGw@mail.gmail.com> <[🔎] 82506A86-4FCA-4F5A-A37A-7C89EEC4F050@AandRSecurity.com>

Hi Matthew

How can I use Reverse Path filtering in the kernel? You
mean this option, right?; /proc/sys/net/ipv4/conf/*/rp_filter

Sorry, but I do not understand how to drop "out of state"
packets with the INVALID rules.

My logs:

Apr 5 17:18:18 t4 kernel: [13107.296065] INVALID OUT: IN=
OUT=eth0 SRC="" DST=173.194.44.32 LEN=446
TOS=0x00 PREC=0x00 TTL=64 ID=36621 DF PROTO=TCP
SPT=59041 DPT=443 WINDOW=14600 RES=0x00 ACK PSH
FIN URGP=0

Apr 5 15:29:40 t4 kernel: [ 6589.698710] INVALID IN: IN=eth0
OUT= MAC=mac_address_ SRC="" DST=192.168.5.200
LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=40504 PROTO=TCP
SPT=443 DPT=56236 WINDOW=0 RES=0x00 RST URGP=0

and so on... Is there something wrong, strange?

Reply to:

Follow-Ups:
- Re: iptables and INVALID packet filtering.
  - From: Matthew Babcock <MBabcock@AandRSecurity.com>

References:
- iptables and INVALID packet filtering.
  - From: Daniel Curtis <sidetripping@gmail.com>
- Re: iptables and INVALID packet filtering.
  - From: Pascal Hambourg <pascal@plouf.fr.eu.org>
- Re: iptables and INVALID packet filtering.
  - From: Matthew Babcock <MBabcock@AandRSecurity.com>
- Re: iptables and INVALID packet filtering.
  - From: Daniel Curtis <sidetripping@gmail.com>
- Re: iptables and INVALID packet filtering.
  - From: Matthew Babcock <MBabcock@AandRSecurity.com>

Prev by Date: Re: iptables and INVALID packet filtering.
Next by Date: Re: iptables and INVALID packet filtering.
Previous by thread: Re: iptables and INVALID packet filtering.
Next by thread: Re: iptables and INVALID packet filtering.
Index(es):
- Date
- Thread