Packets dropped by iptables

Juan L. Pastor seguridadlinux at yahoo.es
Wed Oct 13 06:24:47 UTC 2004


On Tue, 2004-10-12 at 21:42, Alexander Dalloz wrote:

> > -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
> 
> You drop all other ICMP types other than echo (=8). That is bad. ICMP is
> an important protocol and blocking specific types will break things! If
> you don't know for sure why you block a specific ICMP type then just
> don't. You gain no security.

So I guess I should replace this line with:

-A INPUT -p icmp -j ACCEPT

Is this OK?

> > Oct 12 21:18:52 kalimotxo kernel: Bad packet from eth0:IN=eth0 OUT=
> > MAC=00:50:8d:e3:19:cb:00:90:d0:bc:56:db:08:00 SRC=62.48.113.158
> > DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=118 ID=21077 PROTO=TCP
> > SPT=4662 DPT=36569 WINDOW=0 RES=0x00 ACK RST URGP=0
> > 
> > I think these are acknowledge packets, and they should be accepted (BTW,
> > 4662 is my TCP port for amule). Why are they not accepted by the above
> > rules (state ESTABLISHED) and how can I accept these dropped packets?
> 
> What tells you that these are ESTABLISHED (or RELATED) connections? If
> they would be, then they would not go to the LOGDROP chain. If running a
> P2P client such connection attempts are pretty normal. This is how P2P
> works.

If these are ACK packets, I assume that they are a response to a previously
established communication. How can I let these packets come into my
system?

Juan

-- 
Please avoid sending me Word or PowerPoint attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html
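The log line quoted earlier in the thread is an iptables LOG record: a free-text `--log-prefix`, a run of `KEY=VALUE` fields and bare TCP flag tokens (`ACK RST`). The following Python example is added here and is not code from either poster; it parses such a record and labels why a packet could not have matched `-m state --state ESTABLISHED,RELATED`. The sample line is the one from the thread, re-joined onto a single line; the function names and the classification labels are the example's own.

```python
import re

# Constructed sample: the LOG line from the thread, re-joined onto one line.
SAMPLE_LOG = (
    "Oct 12 21:18:52 kalimotxo kernel: Bad packet from eth0:IN=eth0 OUT= "
    "MAC=00:50:8d:e3:19:cb:00:90:d0:bc:56:db:08:00 SRC=62.48.113.158 "
    "DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=118 ID=21077 PROTO=TCP "
    "SPT=4662 DPT=36569 WINDOW=0 RES=0x00 ACK RST URGP=0"
)

# KEY=VALUE tokens; VALUE may be empty (e.g. "OUT=" on an INPUT-chain log).
KV_RE = re.compile(r"(?<![A-Za-z0-9])([A-Z]+)=(\S*)")
# Bare tokens the LOG target emits without a value.
BARE_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "CWR", "ECE", "DF", "MF"}


def parse_iptables_log(line):
    """Return a dict of the KEY=VALUE fields plus 'prefix' and 'flags'."""
    matches = list(KV_RE.finditer(line))
    if not matches:
        raise ValueError("not an iptables LOG line")
    # The --log-prefix text sits between "kernel:" and the first KEY= token.
    head = line[: matches[0].start()]
    prefix = head.split("kernel:", 1)[1].strip() if "kernel:" in head else head.strip()
    fields = {m.group(1): m.group(2) for m in matches}
    fields["prefix"] = prefix
    fields["flags"] = {tok for tok in line.split() if tok in BARE_FLAGS}
    return fields


def classify(fields):
    """Label why a logged packet fell through the ESTABLISHED,RELATED rule.

    Anything reaching a LOGDROP chain behind that rule is, by definition, a
    packet conntrack could not tie to a tracked connection.  Labels are this
    example's own vocabulary, not iptables terminology.
    """
    flags = fields["flags"]
    if fields.get("PROTO") != "TCP":
        return "non-tcp"
    if "RST" in flags:
        # A reset for a flow conntrack no longer tracks: the connection was
        # already closed or timed out.  The TCP stack has no socket for it
        # and would ignore it anyway; accepting it gains nothing.
        return "untracked-rst"
    if "SYN" in flags and "ACK" not in flags:
        # An inbound connection attempt; only a deliberate ACCEPT rule for
        # the destination port should let it in.
        return "new-connection-attempt"
    return "untracked-ack"


if __name__ == "__main__":
    f = parse_iptables_log(SAMPLE_LOG)
    print(f["SRC"], f["SPT"], "->", f["DST"], f["DPT"], sorted(f["flags"]), classify(f))
```

Read with the thread's question in mind: the `ACK RST` packet from the peer's port 4662 to a high local port is the peer resetting a flow that the local conntrack table no longer knows about, which is why it does not match the ESTABLISHED rule. Rather than opening INPUT to unsolicited ACKs, the quieter fix is to drop such resets without logging (a rule such as `-A INPUT -p tcp --tcp-flags RST RST -j DROP` placed before the LOGDROP jump) so the log only shows traffic worth investigating.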