 
 From:  berek at rz dot uni dash leipzig dot de
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: firewall lets ports pass although blocked
 Date:  Fri, 11 Nov 2005 10:54:46 +0100
Chris Buechler wrote:
>go to status.php and paste all the firewall rules from your
>config.xml, not the raw firewall rules.  Everything between <filter>
>and </filter>.

here we go:
(BTW: sorry for the delay in my answers, I get the mailing list as a digest)

 <filter>
        <!-- <filter> section of a m0n0wall config.xml, pasted into the mail. m0n0wall
             evaluates these rules top-down on the interface the packet arrives on and
             the first matching rule wins, so a <pass> placed above a <block> with an
             overlapping source/destination/port range takes precedence over it. -->
        <rule>
            <!-- WAN: drop NetBIOS name/datagram service (TCP/UDP 137-138) without
                 logging; the descr asks for this noise to be kept out of the log. -->
            <type>block</type>
            <interface>wan</interface>
            <protocol>tcp/udp</protocol>
            <source>
                <any/>
            </source>
            <destination>
                <any/>
                <port>137-138</port>
            </destination>
            <descr>Block WAN -&gt; port137/138-primacom-windoof-netzwerkscheiss
und log es bitte nicht mit!</descr>
        </rule>
        <rule>
            <!-- WAN: same for SMB (445), also unlogged. -->
            <type>block</type>
            <interface>wan</interface>
            <protocol>tcp/udp</protocol>
            <source>
                <any/>
            </source>
            <destination>
                <any/>
                <port>445</port>
            </destination>
            <descr>Block WAN -&gt; primacom-windoof-server-message-block und log
es bitte nicht mit!</descr>
        </rule>
        <rule>
            <!-- opt1 (the OLSR side, per the descr of the block rule below): host
                 10.11.79.1 may reach the LAN network on 21-22 (FTP/SSH). These
                 host-specific passes only work because they sit above the
                 "Block OLSR -> LAN" catch-all further down. -->
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp</protocol>
            <source>
                <address>10.11.79.1</address>
            </source>
            <destination>
                <network>lan</network>
                <port>21-22</port>
            </destination>
            <descr> 79-1 -&gt; LAN</descr>
        </rule>
        <rule>
            <!-- <disabled/>: kept in config.xml but not loaded into the active ruleset,
                 so 10.11.77.6 is currently not blocked by this rule. -->
            <type>block</type>
            <interface>opt1</interface>
            <source>
                <address>10.11.77.6</address>
            </source>
            <destination>
                <any/>
            </destination>
            <disabled/>
            <log/>
            <descr>kill 77.6</descr>
        </rule>
        <rule>
            <!-- 10.11.79.1 -> LAN on 443. -->
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp</protocol>
            <source>
                <address>10.11.79.1</address>
            </source>
            <destination>
                <network>lan</network>
                <port>443</port>
            </destination>
            <descr> 79-1 -&gt; LAN</descr>
        </rule>
        <rule>
            <!-- 10.11.79.1 -> single host 10.139.77.5 on 1975-1977. -->
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp</protocol>
            <source>
                <address>10.11.79.1</address>
            </source>
            <destination>
                <address>10.139.77.5</address>
                <port>1975-1977</port>
            </destination>
            <descr> 79-1 -&gt; till</descr>
        </rule>
        <rule>
            <!-- 10.11.79.1 -> single host 192.168.0.5 on 1975. -->
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp</protocol>
            <source>
                <address>10.11.79.1</address>
            </source>
            <destination>
                <address>192.168.0.5</address>
                <port>1975</port>
            </destination>
            <descr> 79-1 -&gt; wauwau</descr>
        </rule>
        <rule>
            <!-- NOTE(review): the descr says "ping", but the protocol is igmp (multicast
                 group management), not icmp. ICMP echo from 10.11.79.1 to the LAN is
                 not passed by this rule; it falls through to the "Block OLSR -> LAN"
                 rule below. Same mismatch in the 75-2 "ping" rule further down. -->
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>igmp</protocol>
            <source>
                <address>10.11.79.1</address>
            </source>
            <destination>
                <network>lan</network>
            </destination>
            <descr> 79-1 -&gt; LAN, ping</descr>
        </rule>
        <rule>
            <!-- Second host, 10.11.75.2: same set of passes as for 10.11.79.1 above. -->
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp</protocol>
            <source>
                <address>10.11.75.2</address>
            </source>
            <destination>
                <network>lan</network>
                <port>21-22</port>
            </destination>
            <descr> 75-2 -&gt; LAN</descr>
        </rule>
        <rule>
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp</protocol>
            <source>
                <address>10.11.75.2</address>
            </source>
            <destination>
                <network>lan</network>
                <port>443</port>
            </destination>
            <descr> 75-2 -&gt; LAN</descr>
        </rule>
        <rule>
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp</protocol>
            <source>
                <address>10.11.75.2</address>
            </source>
            <destination>
                <address>192.168.0.5</address>
                <port>1975</port>
            </destination>
            <descr> 75-2 -&gt; wauwau</descr>
        </rule>
        <rule>
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp</protocol>
            <source>
                <address>10.11.75.2</address>
            </source>
            <destination>
                <address>10.139.77.5</address>
                <port>1977</port>
            </destination>
            <descr> 75-2 -&gt; till</descr>
        </rule>
        <rule>
            <!-- igmp, not icmp: see the note on the 79-1 "ping" rule above. -->
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>igmp</protocol>
            <source>
                <address>10.11.75.2</address>
            </source>
            <destination>
                <network>lan</network>
            </destination>
            <descr> 75-2 -&gt; LAN, ping</descr>
        </rule>
        <rule>
            <!-- 10.11.75.2 -> anywhere on 10021-10025, TCP and UDP. -->
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp/udp</protocol>
            <source>
                <address>10.11.75.2</address>
            </source>
            <destination>
                <any/>
                <port>10021-10025</port>
            </destination>
            <descr>Libri-Bestell Port</descr>
        </rule>
        <rule>
            <!-- Catch-all for opt1 -> LAN: anything the host rules above did not pass is
                 blocked and logged. A pass-to-LAN rule added below this point never
                 matches, because this rule is reached first. -->
            <type>block</type>
            <interface>opt1</interface>
            <source>
                <any/>
            </source>
            <destination>
                <network>lan</network>
            </destination>
            <log/>
            <descr>Block OLSR -&gt; LAN</descr>
        </rule>
        <rule>
            <!-- Matches on the *source* port 137-138 only (destination is any). The WAN
                 rules at the top match on the destination port, which is how NetBIOS
                 traffic is normally identified; a client that sends from another source
                 port is not caught by this rule. -->
            <type>block</type>
            <interface>opt1</interface>
            <protocol>tcp/udp</protocol>
            <source>
                <any/>
                <port>137-138</port>
            </source>
            <destination>
                <any/>
            </destination>
            <descr>Block Windows Scheiss aus dem OLSR </descr>
        </rule>
        <rule>
            <!-- Passes from the whole 10.0.0.0/8 to host 192.168.200.2. This rule and
                 most of the following ones carry no <descr>; undocumented pass rules
                 are the hardest part of the list to audit later. -->
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp</protocol>
            <source>
                <address>10.0.0.0/8</address>
            </source>
            <destination>
                <address>192.168.200.2</address>
                <port>21-80</port>
            </destination>

        </rule>
        <rule>
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp</protocol>
            <source>
                <address>10.0.0.0/8</address>
            </source>
            <destination>
                <address>192.168.200.2</address>
                <port>443</port>
            </destination>

        </rule>
        <rule>
            <!-- NOTE(review): 1024-65000 to 192.168.200.2 is passed here, above the
                 "testblock explizit" block for 50000-65000 near the end of the list.
                 Since 10.11.0.0/16 lies inside 10.0.0.0/8, TCP from that network to
                 this host on 50000-65000 matches this pass first and the block below
                 is never reached for it. -->
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp</protocol>
            <source>
                <address>10.0.0.0/8</address>
            </source>
            <destination>
                <address>192.168.200.2</address>
                <port>1024-65000</port>
            </destination>

        </rule>
        <rule>
            <!-- 10.0.0.0/8 -> any DNS (53), TCP and UDP. -->
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp/udp</protocol>
            <source>
                <address>10.0.0.0/8</address>
            </source>
            <destination>
                <any/>
                <port>53</port>
            </destination>

        </rule>
        <rule>
            <!-- 10.0.0.0/8 -> any NTP (UDP 123). -->
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>udp</protocol>
            <source>
                <address>10.0.0.0/8</address>
            </source>
            <destination>
                <any/>
                <port>123</port>
            </destination>

        </rule>
        <rule>
            <!-- 10.0.0.0/8 -> any TCP 37 (time protocol). -->
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp</protocol>
            <source>
                <address>10.0.0.0/8</address>
            </source>
            <destination>
                <any/>
                <port>37</port>
            </destination>

        </rule>
        <rule>
            <!-- 10.0.0.0/8 -> any HTTP (80) and, in the next rule, HTTPS (443). -->
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp</protocol>
            <source>
                <address>10.0.0.0/8</address>
            </source>
            <destination>
                <any/>
                <port>80</port>
            </destination>

        </rule>
        <rule>
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp</protocol>
            <source>
                <address>10.0.0.0/8</address>
            </source>
            <destination>
                <any/>
                <port>443</port>
            </destination>

        </rule>
        <rule>
            <!-- From here on the narrower 10.11.0.0/16 is the source: POP3 (110), IMAP
                 (143), SSH (22), FTP (21), SMTP (25), POP3S (995), 585, IMAPS (993),
                 XMPP (5222-5223), 8080, 5190, one rule each. -->
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp</protocol>
            <source>
                <address>10.11.0.0/16</address>
            </source>
            <destination>
                <any/>
                <port>110</port>
            </destination>

        </rule>
        <rule>
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp</protocol>
            <source>
                <address>10.11.0.0/16</address>
            </source>
            <destination>
                <any/>
                <port>143</port>
            </destination>

        </rule>
        <rule>
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp</protocol>
            <source>
                <address>10.11.0.0/16</address>
            </source>
            <destination>
                <any/>
                <port>22</port>
            </destination>

        </rule>
        <rule>
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp</protocol>
            <source>
                <address>10.11.0.0/16</address>
            </source>
            <destination>
                <any/>
                <port>21</port>
            </destination>

        </rule>
        <rule>
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp</protocol>
            <source>
                <address>10.11.0.0/16</address>
            </source>
            <destination>
                <any/>
                <port>25</port>
            </destination>
            <descr/>
        </rule>
        <rule>
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp</protocol>
            <source>
                <address>10.11.0.0/16</address>
            </source>
            <destination>
                <any/>
                <port>995</port>
            </destination>

        </rule>
        <rule>
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp</protocol>
            <source>
                <address>10.11.0.0/16</address>
            </source>
            <destination>
                <any/>
                <port>585</port>
            </destination>

        </rule>
        <rule>
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp</protocol>
            <source>
                <address>10.11.0.0/16</address>
            </source>
            <destination>
                <any/>
                <port>993</port>
            </destination>

        </rule>
        <rule>
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp</protocol>
            <source>
                <address>10.11.0.0/16</address>
            </source>
            <destination>
                <any/>
                <port>5222-5223</port>
            </destination>

        </rule>
        <rule>
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp</protocol>
            <source>
                <address>10.11.0.0/16</address>
            </source>
            <destination>
                <any/>
                <port>8080</port>
            </destination>

        </rule>
        <rule>
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp</protocol>
            <source>
                <address>10.11.0.0/16</address>
            </source>
            <destination>
                <any/>
                <port>5190</port>
            </destination>

        </rule>
        <rule>
            <!-- 10.11.79.2 -> any NNTP (119), TCP and UDP. The <descr> start tag and
                 the first part of its text were lost in this pasted copy (only
                 "Massendownload missbraucht</descr>" survives), so the excerpt as shown
                 is not well-formed XML; the rule itself is otherwise complete. -->
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp/udp</protocol>
            <source>
                <address>10.11.79.2</address>
            </source>
            <destination>
                <any/>
                <port>119</port>
            </destination>

Massendownload missbraucht</descr>
        </rule>
        <rule>
            <!-- 10.11.0.0/16 -> one external host 217.160.167.26 on TCP 22222. -->
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp</protocol>
            <source>
                <address>10.11.0.0/16</address>
            </source>
            <destination>
                <address>217.160.167.26</address>
                <port>22222</port>
            </destination>

        </rule>
        <rule>
            <!-- All ICMP (no type restriction) from 10.11.0.0/16 to anywhere. -->
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>icmp</protocol>
            <source>
                <address>10.11.0.0/16</address>
            </source>
            <destination>
                <any/>
            </destination>
            <descr>Ping OLSR</descr>
        </rule>
        <rule>
            <!-- UDP 5000 from the whole /8; descr marks it as an OpenVPN test. -->
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>udp</protocol>
            <source>
                <address>10.0.0.0/8</address>
            </source>
            <destination>
                <any/>
                <port>5000</port>
            </destination>
            <descr>open-vpn-tests ufo</descr>
        </rule>
        <rule>
            <!-- Application-specific passes from 10.11.0.0/16 follow; each carries its
                 purpose in <descr>. -->
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp/udp</protocol>
            <source>
                <address>10.11.0.0/16</address>
            </source>
            <destination>
                <any/>
                <port>5154-5155</port>
            </destination>
            <descr>SuSE 3dgame (nasi)</descr>
        </rule>
        <rule>
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp</protocol>
            <source>
                <address>10.11.0.0/16</address>
            </source>
            <destination>
                <any/>
                <port>6667-6668</port>
            </destination>
            <descr>IRC (internet relay chat)</descr>
        </rule>
        <rule>
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp</protocol>
            <source>
                <address>10.11.0.0/16</address>
            </source>
            <destination>
                <any/>
                <port>8000-8128</port>
            </destination>
            <descr>div. radios</descr>
        </rule>
        <rule>
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp</protocol>
            <source>
                <address>10.11.0.0/16</address>
            </source>
            <destination>
                <any/>
                <port>8800</port>
            </destination>
            <descr>dnb radio</descr>
        </rule>
        <rule>
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp</protocol>
            <source>
                <address>10.11.0.0/16</address>
            </source>
            <destination>
                <any/>
                <port>9540</port>
            </destination>
            <descr>dnb radio</descr>
        </rule>
        <rule>
            <!-- No <descr>: purpose of TCP 23724 is not recorded. -->
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp</protocol>
            <source>
                <address>10.11.0.0/16</address>
            </source>
            <destination>
                <any/>
                <port>23724</port>
            </destination>

        </rule>
        <rule>
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp</protocol>
            <source>
                <address>10.11.0.0/16</address>
            </source>
            <destination>
                <any/>
                <port>9210</port>
            </destination>
            <descr>radio</descr>
        </rule>
        <rule>
            <!-- Outbound Tor relay/OR ports as documented in <descr>. -->
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp</protocol>
            <source>
                <address>10.11.0.0/16</address>
            </source>
            <destination>
                <any/>
                <port>9001-9033</port>
            </destination>
            <descr>TOR connections</descr>
        </rule>
        <rule>
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp</protocol>
            <source>
                <address>10.11.0.0/16</address>
            </source>
            <destination>
                <any/>
                <port>10001</port>
            </destination>
            <descr>TOR connections</descr>
        </rule>
        <rule>
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp</protocol>
            <source>
                <address>10.11.0.0/16</address>
            </source>
            <destination>
                <any/>
                <port>873</port>
            </destination>
            <descr>gentoo: rsync</descr>
        </rule>
        <rule>
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp</protocol>
            <source>
                <address>10.11.0.0/16</address>
            </source>
            <destination>
                <any/>
                <port>2500</port>
            </destination>
            <descr>Videokonferenz/-telefonie</descr>
        </rule>
        <rule>
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp</protocol>
            <source>
                <address>10.11.0.0/16</address>
            </source>
            <destination>
                <any/>
                <port>3500</port>
            </destination>
            <descr>Videokonferenz/-telefonie</descr>
        </rule>
        <rule>
            <!-- No <descr>: purpose of TCP 20080-20082 is not recorded. -->
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp</protocol>
            <source>
                <address>10.11.0.0/16</address>
            </source>
            <destination>
                <any/>
                <port>20080-20082</port>
            </destination>

        </rule>
        <rule>
            <!-- No <descr>: purpose of TCP 8180 is not recorded. -->
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp</protocol>
            <source>
                <address>10.11.0.0/16</address>
            </source>
            <destination>
                <any/>
                <port>8180</port>
            </destination>

        </rule>
        <rule>
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp</protocol>
            <source>
                <address>10.11.0.0/16</address>
            </source>
            <destination>
                <any/>
                <port>3900</port>
            </destination>
            <descr>Videokonferenz/-telefonie</descr>
        </rule>
        <rule>
            <!-- Three TCP/UDP passes (2401, 5999, 10000) documented only by a person's
                 name; the service behind each is not recorded. -->
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp/udp</protocol>
            <source>
                <address>10.11.0.0/16</address>
            </source>
            <destination>
                <any/>
                <port>2401</port>
            </destination>
            <descr>Andreas</descr>
        </rule>
        <rule>
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp/udp</protocol>
            <source>
                <address>10.11.0.0/16</address>
            </source>
            <destination>
                <any/>
                <port>5999</port>
            </destination>
            <descr>Andreas</descr>
        </rule>
        <rule>
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp/udp</protocol>
            <source>
                <address>10.11.0.0/16</address>
            </source>
            <destination>
                <any/>
                <port>10000</port>
            </destination>
            <descr>Andreas</descr>
        </rule>
        <rule>
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp/udp</protocol>
            <source>
                <address>10.11.0.0/16</address>
            </source>
            <destination>
                <any/>
                <port>2064</port>
            </destination>
            <descr>distributed.net</descr>
        </rule>
        <rule>
            <!-- NOTE(review): 52000-52001 lies inside the 50000-65000 range blocked by
                 the "testblock explizit" rule below; being earlier in the list, this
                 pass wins for those two ports. No <descr> records why it exists. -->
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp</protocol>
            <source>
                <address>10.11.0.0/16</address>
            </source>
            <destination>
                <any/>
                <port>52000-52001</port>
            </destination>

        </rule>
        <rule>
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp</protocol>
            <source>
                <address>10.11.0.0/16</address>
            </source>
            <destination>
                <any/>
                <port>554</port>
            </destination>
            <descr>Real Player</descr>
        </rule>
        <rule>
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp</protocol>
            <source>
                <address>10.11.0.0/16</address>
            </source>
            <destination>
                <any/>
                <port>7070</port>
            </destination>
            <descr>Real Player</descr>
        </rule>
        <rule>
            <!-- MySQL (3306) from the whole /16 to any destination. -->
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp</protocol>
            <source>
                <address>10.11.0.0/16</address>
            </source>
            <destination>
                <any/>
                <port>3306</port>
            </destination>
            <descr>MySQL</descr>
        </rule>
        <rule>
            <!-- UDP traceroute probe range from the whole /8. -->
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>udp</protocol>
            <source>
                <address>10.0.0.0/8</address>
            </source>
            <destination>
                <any/>
                <port>33434-33534</port>
            </destination>
            <descr>traceroute damit HNA nich weggeht</descr>
        </rule>
        <rule>
            <!-- Logged block of 50000-65000 from 10.11.0.0/16. Because of first-match,
                 only traffic that no pass rule above matched reaches this rule: the
                 1024-65000 pass to 192.168.200.2 and the 52000-52001 pass earlier in
                 the list both take precedence, so those packets are passed and never
                 logged here. If the block is meant to win, it has to be placed above
                 those passes. -->
            <type>block</type>
            <interface>opt1</interface>
            <protocol>tcp/udp</protocol>
            <source>
                <address>10.11.0.0/16</address>
            </source>
            <destination>
                <any/>
                <port>50000-65000</port>
            </destination>
            <log/>
            <descr> testblock explizit</descr>
        </rule>
        <rule>
            <type>pass</type>
            <interface>opt1</interface>
            <protocol>tcp/udp</protocol>
            <source>
                <address>10.11.0.0/16</address>
            </source>
            <destination>
                <any/>
                <port>8880</port>
            </destination>
            <descr>freedb-com irgendwas</descr>
        </rule>
        <rule>
            <!-- Stock m0n0wall default LAN rule: everything from the LAN network, any
                 protocol, to any destination is passed. -->
            <type>pass</type>
            <descr>Default LAN -&gt; any</descr>
            <interface>lan</interface>
            <source>
                <network>lan</network>
            </source>
            <destination>
                <any/>
            </destination>
        </rule>
        <!-- Empty: no custom TCP idle timeout is configured. -->
        <tcpidletimeout/>
    </filter>


----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.