Netfilter GUI
Whit Blauvelt
whit@transpect.com
Fri, 14 Dec 2001 14:48:49 -0500
On Tue, Dec 11, 2001 at 07:29:36PM +0100, Simon Edwards wrote:
> Guarddog also produces very paranoid and tough firewalls...
Simon,
Perhaps your rules are too paranoid? When being tested on a 2.4.16 box
that's on a local MASQ'd network (behind a 2.2.20 kernel on the public
firewall), with "Served from Internet to Local" checked to be on for both
DNS and HTTP:
Dec 14 14:30:52 free kernel: DROPPED IN= OUT=eth0 SRC=192.168.9.1 DST=216.254.75.60 LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1060 DPT=53 LEN=45
Dec 14 14:35:43 free kernel: DROPPED IN= OUT=eth0 SRC=192.168.9.1 DST=198.186.203.85 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=0 PROTO=TCP SPT=1052 DPT=80 SEQ=1495883562 ACK=1762932562 WINDOW=20272 RES=0x00 ACK FIN URGP=0 OPT (0101080A0004ECD00B3EA670)
In the first case that's access to a DNS daemon on the router/firewall here
(by public IP), in the second that's the samba.org Website. Some DNS and
some HTTP is still working, but it seems your algorithm is blocking stuff it
shouldn't. Obviously most people won't be running the firewall within an
internal network - but shouldn't it in principle work well in this
situation too?
Or is the bug in iptables rather than in the Guarddog-generated rules?
Whit
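The two kernel lines above are netfilter LOG-target output: a log prefix ("DROPPED"), then space-separated KEY=VALUE tokens plus bare flag tokens (DF, ACK, FIN) and an OPT (...) hex blob. The following parser is an added example written for this page, not code from the original mail or from Guarddog; it takes the two log lines as constructed sample input, splits them into fields, and summarises direction, service and (for TCP) whether the dropped packet was opening a connection, which is the first thing to check when deciding whether a generated rule set or connection tracking is dropping traffic it should pass. The function and field names (parse_netfilter_line, summarize_dropped, UDP_LEN for the second LEN= token) are this example's own choices.

```python
"""Parse netfilter LOG-target kernel lines and summarise what was dropped."""
import re

# Constructed sample input: the two log lines quoted in the message, each
# joined back onto a single line (the mail client had wrapped them).
SAMPLE_LOG = [
    "Dec 14 14:30:52 free kernel: DROPPED IN= OUT=eth0 SRC=192.168.9.1 "
    "DST=216.254.75.60 LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP "
    "SPT=1060 DPT=53 LEN=45",
    "Dec 14 14:35:43 free kernel: DROPPED IN= OUT=eth0 SRC=192.168.9.1 "
    "DST=198.186.203.85 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=0 PROTO=TCP SPT=1052 "
    "DPT=80 SEQ=1495883562 ACK=1762932562 WINDOW=20272 RES=0x00 ACK FIN URGP=0 "
    "OPT (0101080A0004ECD00B3EA670)",
]

# syslog timestamp, host, "kernel:", then the netfilter message
_HEADER = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) kernel: (?P<msg>.*)$"
)
# TCP options are logged as "OPT (<hex>)", which does not fit the KEY=VALUE shape
_OPT = re.compile(r"\bOPT \((?P<opt>[0-9A-Fa-f]*)\)")

# (protocol, destination port) -> service label; extend as needed (assumption)
SERVICES = {("UDP", 53): "DNS", ("TCP", 53): "DNS", ("TCP", 80): "HTTP"}


def parse_netfilter_line(line):
    """Return a dict with prefix, KEY=VALUE fields, bare flags and TCP options,
    or None if the line is not a netfilter LOG line."""
    m = _HEADER.match(line)
    if not m:
        return None
    msg = m.group("msg")
    idx = msg.find("IN=")          # the log prefix is everything before IN=
    if idx < 0:
        return None
    prefix = msg[:idx].strip()
    body = msg[idx:]
    opt = None
    om = _OPT.search(body)
    if om:
        opt = om.group("opt")
        body = body[: om.start()] + body[om.end():]
    fields, flags = {}, []
    for tok in body.split():
        if "=" in tok:
            key, _, val = tok.partition("=")
            # LEN= appears twice (IP total length, then UDP length); keep both
            if key in fields:
                key = f"{fields.get('PROTO', 'L4')}_{key}"
            fields[key] = val
        else:
            flags.append(tok)   # DF, SYN, ACK, FIN, ... (note ACK= is a field, ACK a flag)
    return {"ts": m.group("ts"), "host": m.group("host"), "prefix": prefix,
            "fields": fields, "flags": flags, "opt": opt}


def direction(rec):
    """IN only: delivered to this host; OUT only: generated here; both: forwarded."""
    f = rec["fields"]
    if f.get("IN") and f.get("OUT"):
        return "forwarded"
    if f.get("OUT"):
        return "outbound"
    if f.get("IN"):
        return "inbound"
    return "unknown"


def summarize_dropped(lines, prefix="DROPPED"):
    """Summarise every line carrying the given log prefix."""
    out = []
    for line in lines:
        rec = parse_netfilter_line(line)
        if rec is None or rec["prefix"] != prefix:
            continue
        f = rec["fields"]
        proto = f.get("PROTO")
        dpt = int(f["DPT"]) if f.get("DPT", "").isdigit() else None
        flags = set(rec["flags"])
        # A TCP packet opens a connection only if SYN is set without ACK.
        new_conn = None
        if proto == "TCP":
            new_conn = "SYN" in flags and "ACK" not in flags
        out.append({"ts": rec["ts"], "direction": direction(rec), "proto": proto,
                    "src": f.get("SRC"), "dst": f.get("DST"), "dpt": dpt,
                    "service": SERVICES.get((proto, dpt), "other"),
                    "tcp_new_connection": new_conn, "flags": sorted(flags)})
    return out


if __name__ == "__main__":
    for s in summarize_dropped(SAMPLE_LOG):
        print(s)
```

Run against the sample, the summary shows both drops are outbound from 192.168.9.1 on eth0, the first to DNS (UDP/53) and the second to HTTP (TCP/80); the second carries ACK and FIN with no SYN, so it was part of an already-established connection rather than a new one, which points at the rules for established traffic (or connection tracking) rather than at the rules that open HTTP.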