Re: [leaf-user] Is shorewall configured by default to drop/rejectudp broadcasts?

Wed, 04 Dec 2002 11:53:41 -0800



--On Thursday, December 05, 2002 04:05:31 +0900 youngdo <[EMAIL PROTECTED]> wrote:



One final suggestion -- you might consider checking the rulesets again
(either in this fashion or the one Tom suggested, though I don't know



if



I'll be able to interpret Shorewall-specific reports) after some time



has



elapsed, just to be sure that the Samba retransmit failures have



actually



occurred ... the packet counts in what you posted were generally low,
implying that the firewall had not been active for very long, possibly



not



long enough for the problem to occur.





Chain fw2loc (2 references)
 pkts bytes target     prot opt in     out     source
destination
  255 17273 ACCEPT     ah   --  *      *       0.0.0.0/0
0.0.0.0/0          state RELATED,ESTABLISHED
    0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          state NEW tcp flags:!0x16/0x02
   85 17035 ACCEPT     udp  --  *      *       0.0.0.0/0
0.0.0.0/0          state NEW udp dpts:137:139




85 UDP packets with destination port 137-139 have been accepted from the 
firewall to the local network.




    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          state NEW tcp dpt:137
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          state NEW tcp dpt:139
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0
0.0.0.0/0          state NEW udp spt:137 dpts:1024:65535
    0     0 all2all    ah   --  *      *       0.0.0.0/0
0.0.0.0/0



No packets from the firewall to the local network have been dropped.




Chain loc2fw (2 references)
 pkts bytes target     prot opt in     out     source
destination
  205 17905 ACCEPT     ah   --  *      *       0.0.0.0/0
0.0.0.0/0          state RELATED,ESTABLISHED
    0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          state NEW tcp flags:!0x16/0x02
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          state NEW tcp dpt:22
    7   424 ACCEPT     udp  --  *      *       0.0.0.0/0
0.0.0.0/0          state NEW udp dpt:53
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          state NEW tcp dpt:80
  233 29368 ACCEPT     udp  --  *      *       0.0.0.0/0
0.0.0.0/0          state NEW udp dpts:137:139




233 UDP packets with destination port 137-139 have been accepted from the 
local network to the firewall.




    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          state NEW tcp dpt:137
   43  2064 ACCEPT     tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          state NEW tcp dpt:139
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0
0.0.0.0/0          state NEW udp spt:137 dpts:1024:65535
    0     0 all2all    ah   --  *      *       0.0.0.0/0
0.0.0.0/0





No packets from the local network to the firewall have been dropped.



-Tom

--

Tom Eastep    \ Shorewall - iptables made easy

AIM: tmeastep  \ http://shorewall.sf.net

ICQ: #60745924  \ [EMAIL PROTECTED]











-------------------------------------------------------

This SF.net email is sponsored by: Microsoft Visual Studio.NET 
comprehensive development tool, built to increase your 
productivity. Try a free online hosted session at:

http://ads.sourceforge.net/cgi-bin/redirect.pl?micr0003en

------------------------------------------------------------------------

leaf-user mailing list: [EMAIL PROTECTED]

https://lists.sourceforge.net/lists/listinfo/leaf-user

SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html














    











					Reply via email to