[suse-security] How does SuSEfirewall2 handle privileged ports

From: Malte Gell (malte_gell@t-online.de)
Date: Thu Apr 03 2003 - 18:16:30 CST


Hi,

I'm using the SuSEfirewall2 script V2.1 on a machine which is running,
e.g., leafnode on port 119; no connection from the internet on port 119
should be allowed. A normal home user's machine, so to speak.

Leafnode is protected with the tcpd wrapper; nevertheless, I'm curious
why SuSEfirewall2 seems to accept packets on port 119, although it
shouldn't.

FW_SERVICES_[EXT,DMZ,INT]_[TCP,UDP] are set to ""
FW_AUTOPROTECT_SERVICES="yes"

When I telnet to the machine, packets go through SuSEfirewall2 and tcpd
refuses the connection, but I expected SuSEfirewall2 to block any traffic
on port 119. Why doesn't this happen? I expected to see something like
"SuSE-FW-DROP Default IN=ppp0 ... SRC=... DST=... SPT=... DPT=119", but that
doesn't happen.

Now, how does SuSEfirewall2 handle ports < 1024 which are not mentioned
in the preferences? Traffic on port 119 seems to be accepted, though it is
allowed nowhere. I don't want tcpd to be the "last line of
defense"; I'd like to get this traffic blocked by SuSEfirewall2.

The same applies, e.g., to the IPP protocol (CUPS printing system) on port
631: if I telnet to it, okay, the connection is refused, but there's no
"SuSE-FW-DROP Default IN=ppp0 ... SRC=... DST=... SPT=... DPT=631"
appearing, which I expected to see. With port 80 this works! Any
connection attempt causes a "SuSE-FW-DROP Default IN=ppp0..." message.

SuSEfirewall2 V 2.1 from www.suse.de/~marc/SuSE.html on a SuSE 7.3,
Kernel 2.4.19, iptables v1.2.2

Thanx
Malte
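The check Malte is doing by hand (probe a few privileged ports from outside, then look in the kernel log for "SuSE-FW-DROP Default ... DPT=<port>" entries) can be scripted. The following is an added example, not code from the post or from SuSEfirewall2: it parses the KEY=VALUE fields that the Linux iptables LOG target writes (IN=, OUT=, SRC=, DST=, PROTO=, SPT=, DPT=), restricted to lines carrying the SuSE-FW-DROP prefix, and splits a list of probed ports into those the firewall logged as dropped and those that left no drop entry at all. The sample syslog lines, host name, addresses and the sshd line are constructed for the example; on a real box you would feed it /var/log/messages (or wherever klogd writes kernel messages).

```python
import re
from typing import Dict, Iterable, List, Optional

# Constructed sample syslog lines in the Linux 2.4 iptables LOG format.
# Only the probes to port 80 produced a SuSE-FW-DROP entry; probes to 119
# and 631 left no trace, matching the behaviour described in the post.
SAMPLE_LOG = """\
Apr  3 18:10:01 box kernel: SuSE-FW-DROP Default IN=ppp0 OUT= MAC= SRC=203.0.113.7 DST=198.51.100.9 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=4411 DF PROTO=TCP SPT=41022 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Apr  3 18:10:03 box kernel: SuSE-FW-DROP Default IN=ppp0 OUT= MAC= SRC=203.0.113.7 DST=198.51.100.9 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=4412 DF PROTO=TCP SPT=41023 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Apr  3 18:10:05 box kernel: SuSE-FW-DROP Default IN=ppp0 OUT= MAC= SRC=203.0.113.7 DST=198.51.100.9 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=4413 PROTO=UDP SPT=41024 DPT=137 LEN=20
Apr  3 18:10:06 box sshd[811]: Accepted publickey for malte from 192.0.2.5 port 50123 ssh2
"""

DROP_PREFIX = "SuSE-FW-DROP"
# The LOG target emits space-separated KEY=VALUE tokens; some values are
# empty (OUT= on the INPUT chain, MAC= on point-to-point links like ppp0).
FIELD_RE = re.compile(r"(\w+)=(\S*)")


def parse_drop_line(line: str) -> Optional[Dict[str, str]]:
    """Return the KEY=VALUE fields of a SuSE-FW-DROP log line, or None
    for any line that does not carry that prefix."""
    if DROP_PREFIX not in line:
        return None
    return dict(FIELD_RE.findall(line))


def dropped_ports(lines: Iterable[str], iface: Optional[str] = None,
                  proto: Optional[str] = None) -> Dict[int, int]:
    """Count SuSE-FW-DROP entries per destination port, optionally
    filtered by inbound interface (IN=) and protocol (PROTO=)."""
    counts: Dict[int, int] = {}
    for line in lines:
        fields = parse_drop_line(line)
        if fields is None:
            continue
        if iface is not None and fields.get("IN") != iface:
            continue
        if proto is not None and fields.get("PROTO") != proto:
            continue
        if "DPT" not in fields:      # ICMP entries carry no port fields
            continue
        port = int(fields["DPT"])
        counts[port] = counts.get(port, 0) + 1
    return counts


def audit_probes(lines: Iterable[str], probed_ports: Iterable[int],
                 iface: str = "ppp0", proto: str = "TCP") -> Dict[str, List[int]]:
    """Split the ports you probed from outside into those the firewall
    logged as dropped and those for which no drop entry exists, i.e. the
    packets passed the firewall and whatever refused them was not iptables."""
    seen = dropped_ports(lines, iface=iface, proto=proto)
    probed = set(probed_ports)
    return {
        "dropped": sorted(p for p in probed if p in seen),
        "not_logged": sorted(p for p in probed if p not in seen),
    }


def audit_file(path: str, probed_ports: Iterable[int],
               iface: str = "ppp0") -> Dict[str, List[int]]:
    """Same audit over a real kernel log file, e.g. /var/log/messages."""
    with open(path, "r", errors="replace") as fh:
        return audit_probes(fh, probed_ports, iface=iface)


if __name__ == "__main__":
    # Probe ports 80, 119 and 631 as in the post, then ask the log which
    # ones the firewall actually dropped.
    result = audit_probes(SAMPLE_LOG.splitlines(), [80, 119, 631])
    print("dropped by firewall:", result["dropped"])
    print("no drop entry:      ", result["not_logged"])
```

Any port that ends up in "not_logged" after you have deliberately connected to it from the outside interface deserves a look at the live ruleset (`iptables -L INPUT -n -v` with counters) rather than trust in the configuration file: a "connection refused" from tcpd or the daemon means the packet was already past the firewall.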
