Was: IPFilter 4.1.13 on Solaris 8 ... What am I missing? ... Getting closer ... Maybe?

My trusted local hosts being blocked still prohibits me from implementing a much-needed IPFilter firewall.
  
Test scenario:
  1) NIS+ client with IPF firewall - no unexpected blocks reported in ipmonlog
  2) NIS+ replica with IPF firewall, 123.456.70.43, blocks packets from NIS+ master, 123.456.70.11, (as shown below) when NIS+ master executes "nisping -Ca" to synchronize replica.
  
ipmonlog:
23/07/2007 13:55:39.356410 2x eri0 @0:69 b 123.456.70.11,32772 -> 123.456.70.43,47736 PR tcp len 20 40 -R IN
23/07/2007 13:55:44.162312 eri0 @0:69 b 123.456.70.11,32772 -> 123.456.70.43,47736 PR tcp len 20 40 -R IN
23/07/2007 13:55:53.782511 eri0 @0:69 b 123.456.70.11,32772 -> 123.456.70.43,47736 PR tcp len 20 40 -R IN
 
Below, refer to the ipfstat display and the applicable ipf rules.
 
The packets are blocked as described above with or w/o rule 43. Rules 41-45, 48-52, and 55-59 were my attempt to allow known flags (from previous tests) to be passed.
 
Rule 43: 
@43 pass in quick proto tcp from 123.456.70.0/26 to any flags R/FSRPAU keep state keep frags 
 
Why didn't rule 43 allow these packets to be passed? 
 
Again, I hope that you will point out what I am missing.  
  
Charles

ipf.conf:
...
pass in quick proto tcp from 123.456.70.0/26 to any keep frags keep state
pass in quick proto tcp from 123.456.70.0/26 to any flags S keep frags keep state
pass in quick proto tcp from 123.456.70.0/26 to any flags A keep frags keep state
pass in quick proto tcp from 123.456.70.0/26 to any flags R keep frags keep state
pass in quick proto tcp from 123.456.70.0/26 to any flags AS keep frags keep state
pass in quick proto tcp from 123.456.70.0/26 to any flags AF keep frags keep state
pass in     quick proto udp from 123.456.70.0/26  to any keep state
...  
  
ipfstat -in 
@1 block in quick proto udp from any to 123.456.71.255/32 port = 631 
@2 block in quick proto udp from any to 123.456.71.255/32 port = 137 
@3 block in quick proto udp from any to 123.456.71.255/32 port = 138 
@4 block in quick proto udp from any to 123.456.71.255/32 port = 139 
@5 block in quick proto udp from any to 255.255.255.255/32 
@6 block in quick proto tcp from any to any port = 135 
@7 block in quick proto udp from any to any port = 137 
@8 block in quick proto udp from any to any port = 138 
@9 block in quick proto tcp from any to any port = 139 
@10 block in quick proto udp from any to any port = 1026 
@11 block in quick proto udp from any to any port = 1027 
@12 block in quick proto 2 from any to 224.0.0.1/32 
@13 block in quick proto tcp/udp from any to any port = 445 
@14 block in quick proto tcp/udp from any to any port = 1433 
@15 block in quick proto tcp/udp from any to any port = 1434 
@16 block in quick proto tcp/udp from any to any port = 4899 
@17 block in quick proto tcp/udp from any to any port = 3306 
@18 pass in quick proto tcp from 123.456.68.1/32 to any keep state keep frags 
@19 pass in quick proto udp from 123.456.68.1/32 to any keep state 
@20 pass in quick proto tcp from 246.82.1.201/32 to any keep state keep frags 
@21 pass in quick proto udp from 246.82.1.201/32 to any keep state 
@22 pass in quick proto tcp from 246.82.1.202/32 to any keep state keep frags 
@23 pass in quick proto udp from 246.82.1.202/32 to any keep state 
@24 pass in quick proto tcp from 246.82.1.203/32 to any keep state keep frags 
@25 pass in quick proto udp from 246.82.1.203/32 to any keep state 
@26 pass in quick proto tcp from 246.82.1.204/32 to any keep state keep frags 
@27 pass in quick proto udp from 246.82.1.204/32 to any keep state 
@28 pass in quick proto tcp from 246.82.161.16/32 to any keep state keep frags 
@29 pass in quick proto udp from 246.82.161.16/32 to any keep state 
@30 pass in quick proto tcp from 246.82.247.34/32 to any keep state keep frags 
@31 pass in quick proto udp from 246.82.247.34/32 to any keep state 
@32 pass in quick proto tcp from 246.82.247.66/32 to any keep state keep frags 
@33 pass in quick proto udp from 246.82.247.66/32 to any keep state 
@34 pass in quick proto tcp from 246.82.247.98/32 to any keep state keep frags 
@35 pass in quick proto udp from 246.82.247.98/32 to any keep state 
@36 pass in quick proto tcp from 246.82.162.243/32 to any keep state keep frags 
@37 pass in quick proto udp from 246.82.162.243/32 to any keep state 
@38 pass in quick proto tcp from 246.82.162.242/32 to any keep state keep frags 
@39 pass in quick proto udp from 246.82.162.242/32 to any keep state 
@40 pass in quick proto tcp from 123.456.70.0/26 to any keep state keep frags
@41 pass in quick proto tcp from 123.456.70.0/26 to any flags S/FSRPAU keep state keep frags
@42 pass in quick proto tcp from 123.456.70.0/26 to any flags A/FSRPAU keep state keep frags
@43 pass in quick proto tcp from 123.456.70.0/26 to any flags R/FSRPAU keep state keep frags
@44 pass in quick proto tcp from 123.456.70.0/26 to any flags SA/FSRPAU keep state keep frags
@45 pass in quick proto tcp from 123.456.70.0/26 to any flags FA/FSRPAU keep state keep frags
@46 pass in quick proto udp from 123.456.70.0/26 to any keep state
@47 pass in quick proto tcp from 123.456.70.64/27 to any keep state keep frags
@48 pass in quick proto tcp from 123.456.70.64/27 to any flags S/FSRPAU keep state keep frags
@49 pass in quick proto tcp from 123.456.70.64/27 to any flags A/FSRPAU keep state keep frags
@50 pass in quick proto tcp from 123.456.70.64/27 to any flags R/FSRPAU keep state keep frags
@51 pass in quick proto tcp from 123.456.70.64/27 to any flags SA/FSRPAU keep state keep frags
@52 pass in quick proto tcp from 123.456.70.64/27 to any flags FA/FSRPAU keep state keep frags
@53 pass in quick proto udp from 123.456.70.64/27 to any keep state
@54 pass in quick proto tcp from 123.456.70.96/28 to any keep state keep frags
@55 pass in quick proto tcp from 123.456.70.96/28 to any flags S/FSRPAU keep state keep frags
@56 pass in quick proto tcp from 123.456.70.96/28 to any flags A/FSRPAU keep state keep frags
@57 pass in quick proto tcp from 123.456.70.96/28 to any flags R/FSRPAU keep state keep frags
@58 pass in quick proto tcp from 123.456.70.96/28 to any flags SA/FSRPAU keep state keep frags
@59 pass in quick proto tcp from 123.456.70.96/28 to any flags FA/FSRPAU keep state keep frags
@60 pass in quick proto udp from 123.456.70.96/28 to any keep state
@61 pass in quick proto tcp from 123.456.0.0/16 to any port = 22 keep state keep frags
@62 pass in quick proto tcp from 246.82.0.0/16 to any port = 22 keep state keep frags
@63 pass in quick proto tcp from any port = 22 to any keep state keep frags
@64 pass in quick proto tcp from 123.20.54.241/32 to any port = 22 keep state keep frags
@65 pass in quick proto tcp from 456.115.209.28/32 to any port = 22 keep state keep frags
@66 pass in quick proto tcp from 246.169.43.83/32 to any port = 22 keep state keep frags
@67 pass in quick proto icmp from any to any 
@68 pass in quick proto tcp from any to any port = 80 keep state keep frags 
@69 block in log quick all 
________________________________________________________________________ 

Check Out the new free AIM(R) Mail -- Unlimited storage and industry-leading spam and email virus protection. 
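The post asks why rule @43 (flags R/FSRPAU) did not pass the RST packets that ipmon logged against @0:69. Two things can be checked from the listing alone, without touching the box: whether @43 is reachable at all, and what a plain walk of the listing with IPFilter's last-match/quick ordering says about the logged packet. The script below is an added example (editor's code, not from the post and not IPFilter's own code) that parses an ipmon line in the format shown above (date, time, optional "Nx" repeat count, interface, @group:rule, action letter, src,port -> dst,port, PR proto, len, optional -flags, IN/OUT) and evaluates an `ipfstat -in` listing against it. Assumptions: the post's 123.456.70.x addresses are anonymised and are not valid IPv4, so the constructed data substitutes 192.0.2.0/26 for 123.456.70.0/26 (master .11, replica .43, same /26 layout); the rule subset and log line are otherwise copied from the post; the default mask FSRPAU for a bare `flags S` is taken from the listing itself, where ipf displayed the config's `flags S` as `S/FSRPAU`. `keep state` and `keep frags` are deliberately not modelled, which is the point of the comparison.

```python
# Added example (editor's code, not from the post or from IPFilter): parse an ipmon line, then
# walk an 'ipfstat -in' listing with IPFilter's last-match/quick semantics. The post's 123.456.70.x
# addresses are anonymised (not valid IPv4), so the constructed data substitutes 192.0.2.0/26
# for 123.456.70.0/26, keeping the post's layout: master .11, replica .43.
import ipaddress
import re
from collections import namedtuple
ALL_FLAGS = frozenset("FSRPAU")  # default mask: the listing shows 'flags S' expanded to S/FSRPAU
IPMON_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?:(?P<count>\d+)x )?(?P<iface>\S+) @(?P<group>\d+):(?P<rule>\d+) "
    r"(?P<action>\S) (?P<src>[\d.]+),(?P<sport>\d+) -> (?P<dst>[\d.]+),(?P<dport>\d+) PR (?P<proto>\w+) "
    r"len (?P<hlen>\d+) (?P<plen>\d+)(?: -(?P<flags>[FSRPAUEC]+))? (?P<dir>IN|OUT)")
RULE_RE = re.compile(
    r"^@(?P<num>\d+) (?P<action>pass|block) (?P<dir>in|out)(?P<log> log)?(?P<quick> quick)?"
    r"(?: proto (?P<proto>\S+))? (?:all|from (?P<src>\S+)(?: port = (?P<sport>\d+))?"
    r" to (?P<dst>\S+)(?: port = (?P<dport>\d+))?)(?: flags (?P<flags>\S+))?")
# None in a field means "any"; proto is a frozenset of names; flags is (wanted, mask) as frozensets.
Rule = namedtuple("Rule", "num action direction quick proto src sport dst dport flags")

def _net(tok):
    return None if tok in (None, "any") else ipaddress.ip_network(tok, strict=False)

def _flags(tok):
    if tok is None:
        return None
    want, _, mask = tok.partition("/")
    return (frozenset(want), frozenset(mask) if mask else ALL_FLAGS)

def parse_rule(line):
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError("unparsed rule: %r" % line)
    proto = None if m["proto"] is None else frozenset(m["proto"].split("/"))  # 'tcp/udp' means both
    port = lambda tok: int(tok) if tok else None
    return Rule(int(m["num"]), m["action"], m["dir"], m["quick"] is not None, proto,
                _net(m["src"]), port(m["sport"]), _net(m["dst"]), port(m["dport"]), _flags(m["flags"]))

def parse_ipmon(line):
    m = IPMON_RE.match(line.strip())
    if not m:
        raise ValueError("unparsed ipmon line: %r" % line)
    return {"rule": int(m["rule"]), "action": m["action"], "direction": m["dir"].lower(), "proto": m["proto"],
            "src": ipaddress.ip_address(m["src"]), "sport": int(m["sport"]), "flags": frozenset(m["flags"] or ""),
            "dst": ipaddress.ip_address(m["dst"]), "dport": int(m["dport"])}

def matches(rule, pkt):
    """Rule text only: 'keep state' and 'keep frags' are deliberately not modelled here."""
    ok = (rule.direction == pkt["direction"]
          and (rule.proto is None or pkt["proto"] in rule.proto)
          and (rule.src is None or pkt["src"] in rule.src) and (rule.dst is None or pkt["dst"] in rule.dst)
          and (rule.sport is None or rule.sport == pkt["sport"]) and (rule.dport is None or rule.dport == pkt["dport"]))
    return ok and (rule.flags is None or pkt["flags"] & rule.flags[1] == rule.flags[0])

def decide(rules, pkt):
    """IPFilter ordering: the last matching rule wins, unless a matching rule is 'quick'."""
    winner = None
    for r in rules:
        if matches(r, pkt):
            winner = r
            if r.quick:
                break
    return winner

def covers(earlier, later):
    """True if every packet that matches `later` would already have matched `earlier`."""
    net_ok = lambda a, b: a is None or (b is not None and b.subnet_of(a))
    val_ok = lambda a, b: a is None or a == b
    return (earlier.direction == later.direction
            and (earlier.proto is None or (later.proto is not None and later.proto <= earlier.proto))
            and net_ok(earlier.src, later.src) and net_ok(earlier.dst, later.dst)
            and val_ok(earlier.sport, later.sport) and val_ok(earlier.dport, later.dport)
            and (earlier.flags is None or earlier.flags == later.flags))

def unreachable(rules):
    """Rules that an earlier 'quick' rule always catches first, so the kernel never consults them."""
    return [r.num for i, r in enumerate(rules) if any(e.quick and covers(e, r) for e in rules[:i])]

# Constructed data: a subset of the post's listing and its first ipmon line, addresses substituted.
RULESET = [parse_rule(l) for l in """
@40 pass in quick proto tcp from 192.0.2.0/26 to any keep state keep frags
@41 pass in quick proto tcp from 192.0.2.0/26 to any flags S/FSRPAU keep state keep frags
@42 pass in quick proto tcp from 192.0.2.0/26 to any flags A/FSRPAU keep state keep frags
@43 pass in quick proto tcp from 192.0.2.0/26 to any flags R/FSRPAU keep state keep frags
@44 pass in quick proto tcp from 192.0.2.0/26 to any flags SA/FSRPAU keep state keep frags
@45 pass in quick proto tcp from 192.0.2.0/26 to any flags FA/FSRPAU keep state keep frags
@46 pass in quick proto udp from 192.0.2.0/26 to any keep state
@61 pass in quick proto tcp from 192.0.0.0/16 to any port = 22 keep state keep frags
@69 block in log quick all
""".strip().splitlines()]
LOG_LINE = "23/07/2007 13:55:39.356410 2x eri0 @0:69 b 192.0.2.11,32772 -> 192.0.2.43,47736 PR tcp len 20 40 -R IN"

def analyse(log_line=LOG_LINE, rules=RULESET):
    pkt = parse_ipmon(log_line)
    static = decide(rules, pkt)
    return {"logged_rule": pkt["rule"], "logged_action": pkt["action"], "flags": "".join(sorted(pkt["flags"])),
            "static_rule": static.num if static else None, "static_action": static.action if static else None,
            "dead_rules": unreachable(rules)}

if __name__ == "__main__":
    for k, v in analyse().items():
        print("%-14s %s" % (k, v))
```

Run stand-alone, `analyse()` reports logged_rule 69 with flags R, static_rule 40 (pass) and dead_rules [41, 42, 43, 44, 45]. That answers the reachability question: @40 is `quick`, has no flags clause and matches every inbound TCP packet from the /26, so the walk ends there and @41 through @45 are never consulted; the flags clause on @43 would match the RST, but no packet gets that far, which is why adding or removing @43 changes nothing. The same walk says @40 should pass the logged packet, while ipmon recorded @69 blocking it, so the rule text alone does not explain the block; the part of @40 this evaluator does not model, `keep state` and `keep frags`, is where to look next (compare the per-direction state counters printed by plain `ipfstat` before and after a `nisping -Ca` run, and check `ipfstat -sl` for a state entry covering the 32772/47736 pair while the RSTs arrive).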