On 11/9/05, berek at rz dot uni dash leipzig dot de <berek at rz dot uni dash leipzig dot de> wrote:
> i've set up a bunch of allow rules for the WLAN interface outbound to everywhere
> (see list below). but if i have a glance at the traffic passing the
> linksys-wlan-node, from time to time i see tcp-connections (usually with heavy
> traffic) from some of the wlan-nodes to the internet on ports that are
> definitely NOT allowed in my list. thus they normally should be blocked by the
> default blocking rule of the WLAN interface. but they pass through, as i can
> see in the output of iptraf on the linksys. the ports that were passed the last
> time were different ones between 62000 and 63000.
They're ephemeral ports, most likely source ports is what you're
seeing, and it has to be allowed by the state table if it isn't
allowed explicitly in your rules.