[suse-security] SuSEFirewall doesn't work?
From: Markus A. Radner (markus.radner gmx.de)
Date: Mon May 10 2004 - 15:01:12 CDT
Hi there!
I have this weird problem with my SuSEFirewall2 on SuSE 9.0.
I haven't opened any ports intentionally, but my log file says that a lot of
access attempts on highports get THROUGH the firewall.
I have hundreds of entries like this in my /var/log/messages file:
SuSE-FW-ACCEPT IN=eth0 OUT= MAC=00:a0:d1:d5:b4:3c:00:09:5b:a8:3e:c0:08:00 SRC=213.165.x.x DST=192.168.0.2 LEN=73 TOS=0x00 PREC=0x00 TTL=57 ID=16216 DF PROTO=TCP SPT=110 DPT=1435 WINDOW=5792 RES=0x00 ACK PSH URGP=0 OPT (0101080A0A4992810070F15B)
My computer is behind a router/firewall. Someone tries to connect at port 1435
(and a lot of different other highports as well!). I disabled access to
highports and I only allowed DNS and DHCLIENT as valid services. At least
this was what I was thinking! Here are all the settings of my SuSEFirewall2
file. If anybody could explain what's going on I'd really be grateful.
FW_QUICKMODE="no"
FW_DEV_EXT="eth0"
FW_DEV_INT=""
FW_DEV_DMZ=""
FW_ROUTE="no"
FW_MASQUERADE="no"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS=""
FW_PROTECT_FROM_INTERNAL="yes"
FW_AUTOPROTECT_SERVICES="yes"
FW_SERVICES_EXT_TCP=""
FW_SERVICES_EXT_UDP=""
FW_SERVICES_EXT_IP=""
FW_SERVICES_DMZ_TCP=""
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_DMZ_IP=""
FW_SERVICES_INT_TCP=""
FW_SERVICES_INT_UDP=""
FW_SERVICES_INT_IP=""
FW_SERVICES_QUICK_TCP=""
FW_SERVICES_QUICK_IP=""
FW_TRUSTED_NETS=""
FW_ALLOW_INCOMING_HIGHPORTS_TCP="no"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS"
FW_SERVICE_AUTODETECT="yes"
FW_SERVICE_DHCLIENT="yes"
FW_SERVICE_DHCPD="no"
FW_SERVICE_SQUID="no"
FW_SERVICE_SAMBA="no"
FW_FORWARD=""
FW_FORWARD_MASQ=""
FW_REDIRECT=""
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="yes"
FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW"
FW_KERNEL_SECURITY="yes"
FW_STOP_KEEP_ROUTING_STATE="no"
FW_ALLOW_PING_FW="no"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_PING_EXT="no"
FW_ALLOW_FW_TRACEROUTE="no"
FW_ALLOW_FW_SOURCEQUENCH="yes"
FW_ALLOW_FW_BROADCAST="no"
FW_IGNORE_FW_BROADCAST="yes"
FW_ALLOW_CLASS_ROUTING="no"
FW_REJECT="no"
FW_HTB_TUNE_DEV=""
yours,
markus.
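
An added example, not part of the original post: a small Python classifier that reads entries in the log format shown above and separates packets that could open a connection (SYN without ACK) from segments belonging to a flow that already exists. The second sample line and the verdict names are constructed for illustration, and the verdict is derived from the TCP flags alone, not from the firewall's rule set.

```python
# Added example: classify SuSEfirewall2/netfilter LOG entries by TCP flags.

# Entry from the post, rejoined onto one line (the archive wrapped it).
POSTED = ("SuSE-FW-ACCEPT IN=eth0 OUT= MAC=00:a0:d1:d5:b4:3c:00:09:5b:a8:3e:c0:08:00 "
          "SRC=213.165.x.x DST=192.168.0.2 LEN=73 TOS=0x00 PREC=0x00 TTL=57 ID=16216 "
          "DF PROTO=TCP SPT=110 DPT=1435 WINDOW=5792 RES=0x00 ACK PSH URGP=0 "
          "OPT (0101080A0A4992810070F15B)")
# Constructed for contrast (not from the post): a bare SYN to the same port.
CONSTRUCTED_SYN = ("SuSE-FW-ACCEPT IN=eth0 OUT= SRC=192.0.2.7 DST=192.168.0.2 LEN=60 "
                   "PROTO=TCP SPT=40000 DPT=1435 WINDOW=5840 RES=0x00 SYN URGP=0")

TCP_FLAGS = {"SYN", "ACK", "PSH", "FIN", "RST", "URG", "ECE", "CWR"}


def parse(line):
    """Return (fields, flags): KEY=VALUE pairs and the bare TCP flag tokens."""
    fields, flags = {}, set()
    for tok in line.split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            fields[key] = value
        elif tok in TCP_FLAGS:
            flags.add(tok)
    return fields, flags


def classify(line):
    """Return (verdict, source_port, destination_port) for one log entry."""
    fields, flags = parse(line)
    if fields.get("PROTO") != "TCP":
        return ("not-tcp", None, None)
    ports = (int(fields["SPT"]), int(fields["DPT"]))
    if "SYN" in flags and "ACK" not in flags:
        verdict = "new-inbound-connection"   # first packet of a handshake
    elif "SYN" in flags:
        verdict = "handshake-reply"          # SYN+ACK answering an outbound SYN
    else:
        verdict = "existing-flow"            # no SYN: cannot open a connection
    return (verdict,) + ports


if __name__ == "__main__":
    for entry in (POSTED, CONSTRUCTED_SYN):
        print(classify(entry))
```

The posted entry classifies as `('existing-flow', 110, 1435)`: a data segment coming from remote port 110, while the constructed SYN line is the shape a new inbound connection attempt would have.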