I am using SuSE 9.1 and SuSEfirewall2. I am trying to block port 1433 and
after Googling for examples, I have put the following rule into my
SuSEfirewall2-custom (IP address disguised):

fw_custom_before_denyall() { # could also be named "after_forwardmasq()"
    # these are the rules to be loaded after IP forwarding and masquerading
    # but before ...[snip]...
    iptables -A INPUT -i eth0 -d 82.70.xxx.xxx -p tcp --dport 1433 -j DROP
    true
}

But looking at the logs, I still see packets being accepted (3 entries
below). Can someone please explain?
Jun 25 17:23:22 mailhost kernel: SuSE-FW-ACCEPT IN=eth0 OUT=
MAC=00:02:44:16:17:0d:00:09:5b:00:6f:8c:08:00 SRC=82.67.164.238
DST=82.70.xxx.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=14310 DF PROTO=TCP
SPT=1233 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Jun 25 17:23:23 mailhost kernel: SuSE-FW-ACCEPT IN=eth0 OUT=
MAC=00:02:44:16:17:0d:00:09:5b:00:6f:8c:08:00 SRC=82.67.164.238
DST=82.70.xxx.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=14356 DF PROTO=TCP
SPT=1233 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Jun 25 17:23:24 mailhost kernel: SuSE-FW-ACCEPT IN=eth0 OUT=
MAC=00:02:44:16:17:0d:00:09:5b:00:6f:8c:08:00 SRC=82.67.164.238
DST=82.70.xxx.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=14406 DF PROTO=TCP
SPT=1233 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Thanks.
Received on Thu Sep 29 19:56:50 2005
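
A way to check firewall logs for the symptom described in this post (packets to a port still logged as accepted after a DROP rule was added), as an added example that is not part of the original post. The function names and the sample log text are constructed for illustration; the parser also rejoins entries that were wrapped when pasted into mail, as the entries above were.

```python
import re
from collections import Counter

# Constructed sample in the format of the log lines in the post (addresses and
# MAC are made up). The first entry is wrapped as mail clients wrap pasted logs.
SAMPLE = """\
Jun 25 17:23:22 mailhost kernel: SuSE-FW-ACCEPT IN=eth0 OUT=
MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=198.51.100.7
DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=14310 DF PROTO=TCP
SPT=1233 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Jun 25 17:23:23 mailhost kernel: SuSE-FW-ACCEPT IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=1233 DPT=1433 SYN URGP=0
Jun 25 17:23:30 mailhost kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=4000 DPT=1433 SYN URGP=0
Jun 25 17:23:31 mailhost kernel: SuSE-FW-ACCEPT IN=eth0 OUT= SRC=198.51.100.8 DST=192.0.2.10 PROTO=TCP SPT=4001 DPT=25 SYN URGP=0
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
ENTRY = re.compile(r"kernel: (?P<prefix>\S+) (?P<rest>IN=.*)$")

def entries(text):
    """Rejoin wrapped lines: a new entry starts at a syslog timestamp."""
    out = []
    for line in text.splitlines():
        if STAMP.match(line) or not out:
            out.append(line.strip())
        else:
            out[-1] += " " + line.strip()
    return out

def parse(entry):
    """Return (log prefix, KEY=value fields, bare flags), or None if no match."""
    m = ENTRY.search(entry)
    if not m:
        return None
    pairs = [t.partition("=") for t in m.group("rest").split()]
    fields = {k: v for k, sep, v in pairs if sep}
    flags = {k for k, sep, _ in pairs if not sep}  # bare tokens such as DF, SYN
    return m.group("prefix"), fields, flags

def accepted_syns(text, port):
    """Count accepted TCP packets with SYN set to `port`, keyed by source."""
    hits = Counter()
    for prefix, f, flags in filter(None, map(parse, entries(text))):
        if (prefix == "SuSE-FW-ACCEPT" and f.get("PROTO") == "TCP"
                and f.get("DPT") == str(port) and "SYN" in flags):
            hits[f.get("SRC")] += 1
    return hits
```

A non-empty result from `accepted_syns(log_text, 1433)` after the rule has been loaded means an ACCEPT rule is still matching that traffic before the DROP rule is reached.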