Giorgos Keramidas wrote:
On 2004-08-04 20:31, Srot BULL <[EMAIL PROTECTED]> wrote:

On 2004-08-04 17:13, Srot BULL <[EMAIL PROTECTED]> wrote:

Why are the above firewall logs telling me that it has denied my TCP
packets and yet I am not experiencing some problems in my emails and
access to the internet through port 80. [...]

Giorgos Keramidas wrote: Show us the full ruleset. Otherwise we're just guessing...

$CMD 00240 allow tcp from me to any out via $IFN setup keep-state uid root
Hmm.  I'm not sure if this is a good idea, but it's unrelated to the
denied packets you're seeing :-/

I will RTFM about this...Thank you.

$CMD 00300 deny all from to any in via $IFN
$CMD 00301 deny all from to any in via $IFN
$CMD 00302 deny all from to any in via $IFN
You might want to also deny incoming packets from these addresses, or fall
back to the default firewall rule -- whatever that rule is ("deny log all"
in your case).

I think I can do this...I guess...

$CMD 00305 deny all from to any in via $IFN
Hmmm, what is this address block supposed to be here for?

I am sorry, I only copied this ruleset from the article...I really need to get back in RTFM and read again the article...maybe I missed something.

#reserved for doc's#
$CMD 00307 deny all from to any in via $IFN
And this one?

This one too...

A better approach that will avoid forcing everyone to wait until their
connections times out is to reply with an RST packet, which is the standard
way TCP would reply if no auth/ident service was running at all.

I need some reading to understand what you just advised...Thank you.

Fragments are not late-arriving packets ;-)

#* Reject & Log all incoming connections from the outside *#
$CMD 00499 deny log all from any to any in via $IFN
This one is redundant, since it will only do the same as the one below:


# Everything else is denied by default
# DENY and LOG all packets that fell through to see what they are
$CMD 00999 deny log all from any to any

My basis for my rulesets are taken from:
AFAIK, the author of the page is a reader of the list too. I can't find
anything wrong with the syntax of your rules. The only weird thing I noticed
were the two hard-wired address blocks I mentioned above. Perhaps the author
of the initial ruleset can help you more ;)

It was kind enough for the author to drop me an email...
and, thank you for your advices too...I will base my rulesets from yours and other peoples' advices, and re-read that article for a better understanding...and maybe I can tune my rulesets more to better fit my system.
Have a nice day...

[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to