 From:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] firewall lets ports pass although blocked
 Date:  Wed, 9 Nov 2005 14:23:43 -0500
On 11/9/05, berek at rz dot uni dash leipzig dot de <berek at rz dot uni dash leipzig dot de> wrote:
>
> I've set up a bunch of allow rules for the WLAN interface outbound to everywhere
> (see list below). But if I have a glance at the traffic passing the
> linksys-wlan-node, from time to time I see TCP connections (usually with heavy
> traffic) from some of the WLAN nodes to the internet on ports that are
> definitely NOT allowed in my list. Thus they normally should be blocked by the
> default blocking rule of the WLAN interface. But they pass through, as I can
> see in the output of iptraf on the linksys. The ports that passed the last
> time were different ones between 62000 and 63000.
>

They're ephemeral ports. Most likely source ports are what you're
seeing, and they have to be allowed by the state table if they aren't
allowed explicitly in your rules.

-Chris
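A small model of the stateful matching Chris describes, added here as an illustration and not code from m0n0wall or from anyone on the thread. Addresses, the allowed port set and the packet sequence are constructed; the point is that the 62000-63000 ports seen in iptraf are the WLAN node's ephemeral source ports on flows a rule already admitted, while a new connection *to* such a port still hits the default block.

```python
from collections import namedtuple

# Constructed packet model: direction is "out" (WLAN node -> Internet) or "in" (Internet -> WLAN node).
Packet = namedtuple("Packet", "proto src sport dst dport direction")


class StatefulFirewall:
    """Toy stateful filter: rules decide only the first packet of a flow;
    the state table decides every later packet of that flow, replies included."""

    def __init__(self, allowed_out_ports):
        self.allowed = set(allowed_out_ports)  # destination ports the WLAN rules allow outbound
        self.states = set()                    # 5-tuples of flows a rule has already admitted

    def check(self, pkt):
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        # 1. The state table is consulted before the rules.
        if key in self.states:
            return "pass: state"
        if reverse in self.states:
            return "pass: state (reply)"
        # 2. Rules apply only to packets that open a new flow.
        if pkt.direction == "out" and pkt.dport in self.allowed:
            self.states.add(key)
            return "pass: rule (new state)"
        # 3. Everything else hits the interface's default block.
        return "block: default"


def demo():
    """Replay of the thread's situation with constructed RFC 5737 documentation addresses."""
    fw = StatefulFirewall({80, 443})
    node, server = "192.0.2.10", "203.0.113.5"
    flow = [
        # SYN from the WLAN node: ephemeral source port 62345, allowed destination port 443.
        Packet("tcp", node, 62345, server, 443, "out"),
        # Reply from the server: iptraf shows "port 62345" here, but it is the same flow.
        Packet("tcp", server, 443, node, 62345, "in"),
        # More data from the node on that flow: matched by state, rules not consulted.
        Packet("tcp", node, 62345, server, 443, "out"),
        # New connection to DESTINATION port 62500: no rule, no state, so blocked.
        Packet("tcp", node, 62400, server, 62500, "out"),
        # Unsolicited inbound packet to a port in the 62000-63000 range: also blocked.
        Packet("tcp", server, 4444, node, 62999, "in"),
    ]
    return [fw.check(p) for p in flow]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```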