[ previous ] [ next ] [ threads ]
 
 From:  Peter Allgeyer <allgeyer at web dot de>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Packets blocked for seemingly no reason
 Date:  Mon, 02 May 2005 15:39:58 +0200
Am Montag, den 02.05.2005, 07:18 -0500 schrieb Zach Lowry:
> Yes, I suspected this. I noticed this only on connections that maintain
> a persistent connection, lke IMAP.

Your log extract was from a tcp connection from inside to outside port
80, not 143 nor 993:

> May  1 22:57:57 192.168.0.1 ipmon[130]: 22:57:57.289976 sis1 @0:31 b
> 192.168.0.2,41262 -> 83.149.110.1,80 PR tcp len 20 52 -AF IN

> Basically, it's an annoyance, because my log monitoring software reports
> my IPs as the most actively blocked. Oh sure, I could block it, but then
> what if there really was a problem with one of those IPs?

If you can't narrow your problem down to your implementation of IMAP or
the webbrowser, maybe you only want to hide blocked tcp connections with
flags FIN and/or ACK set. This isn't possible with ipfilter, but maybe
with your log monitoring software.

Ciao ...
	... PIT ...


---------------------------------------------------------------------------
 copyleft(c) by |   _-_     I am NOT a kludge! I am a computer!  -- tts
 Peter Allgeyer | 0(o_o)0
---------------oOO--(_)--OOo-----------------------------------------------