 From:  William Arlofski <waa dash m0n0wall at revpol dot com>
 To:  berek at rz dot uni dash leipzig dot de
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] RE: firewall lets ports pass although blocked
 Date:  Thu, 10 Nov 2005 12:35:02 -0500
berek at rz dot uni dash leipzig dot de wrote:
>>berek at rz dot uni dash leipzig dot de wrote:
>>
>>>hi,
>>>i'm using m0n0 for some years now. but now the firewall seems to let
>>>connections be established that should be blocked.
> 
> ...
> 
>>>definitely NOT allowed in my list. thus they normally should be blocked by
>>>the default blocking rule of the WLAN interface. but they pass through, as i can
>>>see in the output of iptraf on the linksys. the ports that were passed the
>>>last time were different ones between 62000 and 63000.
> 
> Chris Buechler said:
> 
>>They're ephemeral ports, most likely source ports is what you're
>>seeing, and it has to be allowed by the state table if it isn't
>>allowed explicitly in your rules.
> 
> here is one line of the output of the firewall state:
> 
> Source      Port  Destination     Port   Protocol  Packets  Bytes      TTL
> 10.11.77.5  1073  137.226.34.227  55413  tcp       775555   756769468  2:30:00
> 
> the connection has *destination* port 55413, and that one is not in the allow
> list. hmpf. i'm helpless.
> 
> yours & thanks for your ideas,
> mathias berek


Mathias... You will need to either restart (a little drastic) the
m0n0wall or (better choice) go to the diagnostics page and select "Reset
State".

Adding new blocking rules will not kill off already established
connections. Resetting the firewall state will fix this.

Hope I didn't miss anything...

--
Bill Arlofski
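The behaviour discussed in this thread (a state-table entry created under an earlier, more permissive ruleset keeps passing traffic after a block rule is added, and return traffic on an ephemeral port passes via state rather than via an explicit rule) can be shown with a small stateful-filter model. This is an added example, not m0n0wall or ipfilter code; the ruleset, the 203.0.113.10 peer address and the port-80 rule are constructed, and only the 10.11.77.5 host and port 55413 are taken from Mathias's state-table line.

```python
"""Toy stateful packet filter (added example, not m0n0wall code).

Shows why a newly added block rule does not stop an already established
connection until the state table is reset, and why return traffic on an
ephemeral port passes without any explicit rule for that port.
"""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

State = Tuple[str, str, int, str, int]  # (proto, src, sport, dst, dport)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass
class Rule:
    action: str                 # "pass" or "block"
    src: str = "any"            # source address prefix, or "any"
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        src_ok = self.src == "any" or pkt.src.startswith(self.src)
        port_ok = self.dport is None or pkt.dport == self.dport
        return src_ok and port_ok


class StatefulFirewall:
    def __init__(self, rules: List[Rule]):
        self.rules = list(rules)
        self.states: Set[State] = set()  # established flows, stored once per direction

    @staticmethod
    def _key(p: Packet) -> State:
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    @staticmethod
    def _reverse_key(p: Packet) -> State:
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def filter(self, pkt: Packet) -> str:
        # 1. State table first: a packet belonging to an existing flow (either
        #    direction) passes without the rules being evaluated at all.
        if self._key(pkt) in self.states or self._reverse_key(pkt) in self.states:
            return "pass (state)"
        # 2. Otherwise first matching rule wins; a pass rule creates state.
        for rule in self.rules:
            if rule.matches(pkt):
                if rule.action == "pass":
                    self.states.add(self._key(pkt))
                return rule.action
        return "block (default)"

    def reset_state(self) -> None:
        # Equivalent of m0n0wall's "Reset State": drop every established flow.
        self.states.clear()


def demonstrate() -> dict:
    results = {}
    # Constructed original ruleset: WLAN hosts may open anything.
    fw = StatefulFirewall([Rule("pass", src="10.11.77.")])
    outbound = Packet("10.11.77.5", 1073, "203.0.113.10", 55413)
    reply = Packet("203.0.113.10", 55413, "10.11.77.5", 1073)

    results["initial_outbound"] = fw.filter(outbound)   # rule pass, state created
    results["reply_via_state"] = fw.filter(reply)       # ephemeral port 1073 never in rules

    # Admin tightens the rules: only destination port 80 allowed, rest blocked.
    fw.rules = [Rule("pass", src="10.11.77.", dport=80),
                Rule("block", src="10.11.77.")]
    results["after_rule_change"] = fw.filter(outbound)  # still passes: state wins

    fw.reset_state()
    results["after_state_reset"] = fw.filter(outbound)  # now the block rule applies
    results["new_flow_port80"] = fw.filter(
        Packet("10.11.77.5", 1074, "203.0.113.10", 80))  # new flow, allowed by rule
    return results


if __name__ == "__main__":
    for step, decision in demonstrate().items():
        print(f"{step:20s} -> {decision}")
```

The model consults the state table before the rules, which is the property that makes both observations in the thread consistent: the 55413 flow is passed by state, not by the allow list, and it only becomes subject to the new block rule once the state table has been cleared.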