Re: iptables and INVALID packet filtering.
To: debian-firewall@lists.debian.org
Cc: "debian-firewall@lists.debian.org" <debian-firewall@lists.debian.org>
Subject: Re: iptables and INVALID packet filtering.
From: Daniel Curtis <sidetripping@gmail.com>
Date: Fri, 5 Apr 2013 17:29:55 +0200
Message-id: <CAASvXNsm_+mRaO2uoWsR0iwH4_2gSSLHZ14HRb_wy4uLhRDQ3Q@mail.gmail.com>
In-reply-to: <82506A86-4FCA-4F5A-A37A-7C89EEC4F050@AandRSecurity.com>
References: <CAASvXNseOJy8__QFKFir=nUmCGZDR47vFFYkeToCO3=PYp7sCw@mail.gmail.com> <515E059E.4080508@plouf.fr.eu.org> <B57F1D41-A448-439A-A912-EF921511C1CD@AandRSecurity.com> <CAASvXNtqJbKpPXXwLtr-680exHBx7EyDreWBovHdEMFAFnWdGw@mail.gmail.com> <82506A86-4FCA-4F5A-A37A-7C89EEC4F050@AandRSecurity.com>
Hi Matthew,

How can I use Reverse Path filtering in the kernel? You mean this option, right?

/proc/sys/net/ipv4/conf/*/rp_filter

Sorry, but I do not understand how to drop "out of state" packets with the INVALID rules.
My logs:
Apr 5 17:18:18 t4 kernel: [13107.296065] INVALID OUT: IN= OUT=eth0 SRC="" DST=173.194.44.32 LEN=446 TOS=0x00 PREC=0x00 TTL=64 ID=36621 DF PROTO=TCP SPT=59041 DPT=443 WINDOW=14600 RES=0x00 ACK PSH FIN URGP=0
Apr 5 15:29:40 t4 kernel: [ 6589.698710] INVALID IN: IN=eth0 OUT= MAC=mac_address_ SRC="" DST=192.168.5.200 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=40504 PROTO=TCP SPT=443 DPT=56236 WINDOW=0 RES=0x00 RST URGP=0
and so on... Is there something wrong, strange?