
Bug#540074: netfilter leaking traffic when long chains defined



Hello Bastian.


Sorry for the delay. For some reason I did not get a copy of your email, and I just found your messages on an internet archive.

>> tcp 0 0 10.0.0.8:9999 118.168.141.172:3388 ESTABLISHED

> This is an established connection. No evidence where the packets come
> from.

Right. Port 9999 is a listening port (in this case listening for HTTP requests, provided by didiwiki), so presumably the host at 118.168.141.172 made a connection, even though it is not in the address whitelist, as far as I can tell.

>> For details of configuration scripts and test data, refer to bug #534963

> This is not nearly complete. Please show the _complete_ config.

That is the complete configuration, as far as I can tell. What element of the configuration do you believe is missing?

> please use a sniffer and record the packets going through.

The service port 9999 is being used frequently by computers on the internal LAN. I have tcpdump that I could use here, but I only want to log packets coming in externally (i.e. not coming from 10.0.0.*) for the purpose of this report. Do you know of a way of achieving that, or is there another sniffer that you suggest I use?

Thanks in advance.

Mark.
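An added example for the tcpdump question above (editor's code, not part of the bug report, of didiwiki or of Debian's netfilter packaging). It assumes the internal LAN is 10.0.0.0/24, the capture interface is eth0 and the service port is 9999; the sample capture lines are constructed, reusing only the addresses from the netstat line in the report.

```shell
#!/bin/sh
# Added example, not from the bug report: capture and triage traffic on the
# didiwiki port that involves a host outside the LAN. Assumptions (not stated
# in the report): the LAN is 10.0.0.0/24 and the capture interface is eth0.

LAN_NET="10.0.0.0/24"   # assumption: BPF form of the internal LAN
LAN_PREFIX="10.0.0."    # assumption: same LAN as a dotted prefix for text matching
SVC_PORT=9999           # the didiwiki listening port from the report
IFACE="eth0"            # assumption: interface the external traffic arrives on

# BPF filter: service-port traffic where at least one endpoint is outside the
# LAN. A plain "not net 10.0.0.0/24" would be wrong here, because the server
# 10.0.0.8 is itself inside the LAN and every packet would be excluded.
ext_filter() {
    printf 'tcp port %s and not (src net %s and dst net %s)\n' "$2" "$1" "$1"
}

# Write the capture to a pcap file; read it back with "tcpdump -nr FILE".
# tcpdump taps the device before netfilter's INPUT hook, so an inbound SYN in
# the capture only proves the packet arrived. The SYN-ACK that 10.0.0.8:9999
# sends back is the evidence that the kernel accepted the SYN and handed it
# to the listening socket, i.e. that the rules did not drop it.
run_capture() {
    tcpdump -ni "$IFACE" -w "$1" "$(ext_filter "$LAN_NET" "$SVC_PORT")"
}

# Classify one line of "tcpdump -n" IPv4 text output (fields: time IP src >
# dst: Flags [F], ...). Prints one of:
#   EXT_SYN_IN      an outside host tried to open a connection to the service
#   EXT_SYNACK_OUT  the service answered an outside host (SYN was accepted)
#   LAN             both endpoints inside the LAN prefix
#   OTHER           anything else (data, bare ACKs, unrelated ports)
classify_line() {
    printf '%s\n' "$1" | awk -v svc="$SVC_PORT" -v lanp="$LAN_PREFIX" '
        function host(ep) { sub(/\.[0-9]+$/, "", ep); return ep }
        function port(ep) { sub(/.*\./, "", ep); return ep }
        function lan(h)   { return index(h, lanp) == 1 }
        {
            src = $3; dst = $5; sub(/:$/, "", dst)
            flags = $7; sub(/,$/, "", flags)
            sh = host(src); sp = port(src); dh = host(dst); dp = port(dst)
            if (lan(sh) && lan(dh))                            print "LAN"
            else if (dp == svc && !lan(sh) && flags == "[S]")  print "EXT_SYN_IN"
            else if (sp == svc && !lan(dh) && flags == "[S.]") print "EXT_SYNACK_OUT"
            else                                               print "OTHER"
        }'
}

# Count completed handshakes with outside hosts in "tcpdump -n" text on stdin.
count_external_handshakes() {
    n=0
    while IFS= read -r line; do
        if [ "$(classify_line "$line")" = EXT_SYNACK_OUT ]; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Constructed sample output (not a real capture) using the addresses from the
# netstat line in the report: one outside handshake, one LAN connection.
sample_capture() {
    cat <<'EOF'
12:00:00.000001 IP 118.168.141.172.3388 > 10.0.0.8.9999: Flags [S], seq 1, win 65535, length 0
12:00:00.000050 IP 10.0.0.8.9999 > 118.168.141.172.3388: Flags [S.], seq 2, ack 2, win 65535, length 0
12:00:00.000900 IP 118.168.141.172.3388 > 10.0.0.8.9999: Flags [.], ack 3, win 65535, length 0
12:00:01.000000 IP 10.0.0.23.50000 > 10.0.0.8.9999: Flags [S], seq 3, win 65535, length 0
EOF
}

# Stand-alone demo on the constructed sample. For a real capture:
#   run_capture ext9999.pcap            (stop with Ctrl-C)
#   tcpdump -nr ext9999.pcap | count_external_handshakes
echo "external handshakes in sample: $(sample_capture | count_external_handshakes)"
```

Capturing both directions is the point: inbound lines from 118.168.141.172 only show what reached the interface, while an outbound SYN-ACK from 10.0.0.8:9999 to that host shows the kernel passed the SYN through INPUT to the socket. This check is also independent of netfilter itself, which is the component under suspicion in this report, whereas an iptables LOG rule would sit in the very chains whose behaviour is in question. Writing the capture with -w keeps a pcap that can be attached to the bug.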






