Re: [Fwbuilder-discussion] Filtering Port 0
From: Vadim K. <va...@vk...> - 2003-12-09 05:33:19
On Dec 8, 2003, at 8:45 PM, Joe Giles wrote:

> First, I was wondering how I can create a rule to block port 0 UDP and
> TCP. I was watching my jnettop and there was an IP address connecting to
> my machine, and they seemed to me to be DoS'ing port 0, as there was over
> 1.23 Mbps hitting my server from port 0.

I can not find any reference to a DoS or any exploit using TCP or UDP port 0. Could you show a log entry, or even better tcpdump output?

> I read up on the internet and there is a way using IPTABLES, but if I
> create a UDP or TCP port 0 service, nothing happens when I apply that
> rule.

Service objects with source and destination port number 0 are not supported in fwbuilder. Implementation of this feature would require considerable effort. Could you file a feature request?

> Second, when I block a port on my server, say 6667 (IRC), and I compile
> and apply, I still notice several connects. I have to do a network
> restart and restart my created .fw file to stop the connection. Is
> there an easier way?

There is really not enough information to go by in this report. Do you run the firewall on the same box you connect to IRC from? Were those connections opened before you activated the firewall script? Normally, the firewall permits TCP sessions opened before you start the firewall script. When you restart the network on the server, you break those connections, but new ones can not be established because the firewall blocks them. You may want to try unchecking the checkbox "Accept TCP sessions opened before firewall restart"; this will make it block connections opened prior to firewall activation.

--vk
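Vadim asks for tcpdump output before believing in a port-0 DoS, and Joe mentions that iptables can express a port-0 rule directly. The following is an added example, not code from the thread or from fwbuilder: it parses constructed tcpdump-style lines (the sample traffic, the addresses and the `-n` output shape are assumptions made here), counts how many TCP/UDP packets actually carry port 0 as source or destination, and turns the observed (protocol, direction) pairs into plain iptables DROP rules that can be put into a script until fwbuilder supports such service objects. ICMP lines, which have no port at all, are deliberately not counted as port 0.

```python
import re
from collections import Counter

# Constructed sample in the shape "tcpdump -n -i eth0" prints (not a real
# capture and not from the original thread). tcpdump shows port 0 as a
# trailing ".0" on the address; ICMP lines carry no port suffix at all.
SAMPLE_TCPDUMP = """\
05:33:19.000101 IP 203.0.113.5.0 > 192.0.2.10.0: UDP, length 1400
05:33:19.000205 IP 203.0.113.5.0 > 192.0.2.10.0: UDP, length 1400
05:33:19.000310 IP 203.0.113.5.40000 > 192.0.2.10.0: Flags [S], seq 1, win 512, length 0
05:33:19.000415 IP 198.51.100.7.51234 > 192.0.2.10.6667: Flags [S], seq 1, win 64240, length 0
05:33:19.000520 IP 192.0.2.10.6667 > 198.51.100.7.51234: Flags [S.], seq 1, ack 2, win 64240, length 0
05:33:19.000625 IP 203.0.113.5 > 192.0.2.10: ICMP echo request, id 1, seq 1, length 64
"""

# IPv4 address followed by ".port" on both sides of " > "; the text after the
# colon tells TCP ("Flags [...]") apart from UDP ("UDP, length N").
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<rest>.*)$"
)


def parse_line(line):
    """Return (src, sport, dst, dport, proto) for a TCP/UDP line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None  # ICMP, ARP, fragments: no port, so not "port 0" either
    rest = m.group("rest")
    if rest.startswith("UDP"):
        proto = "udp"
    elif rest.startswith("Flags"):
        proto = "tcp"
    else:
        return None
    return (m.group("src"), int(m.group("sport")),
            m.group("dst"), int(m.group("dport")), proto)


def port0_hits(text):
    """Count packets per (source IP, proto, direction) where a port is 0.

    direction is "sport" when the source port is 0 and "dport" when the
    destination port is 0; a packet with both gets counted under both.
    """
    hits = Counter()
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        src, sport, _dst, dport, proto = parsed
        if sport == 0:
            hits[(src, proto, "sport")] += 1
        if dport == 0:
            hits[(src, proto, "dport")] += 1
    return hits


def iptables_rules(hits, chain="INPUT"):
    """Emit one iptables DROP rule per (proto, direction) seen with port 0.

    iptables accepts 0 in --sport/--dport, which is exactly what fwbuilder's
    service objects could not express in this thread.
    """
    pairs = sorted({(proto, direction) for (_src, proto, direction) in hits})
    rules = []
    for proto, direction in pairs:
        flag = "--sport" if direction == "sport" else "--dport"
        rules.append(f"iptables -A {chain} -p {proto} {flag} 0 -j DROP")
    return rules


if __name__ == "__main__":
    hits = port0_hits(SAMPLE_TCPDUMP)
    for (src, proto, direction), count in sorted(hits.items()):
        print(f"{src} {proto} {direction}=0: {count} packet(s)")
    print("\n".join(iptables_rules(hits)))
```

Run it against `tcpdump -n -i eth0 'tcp port 0 or udp port 0'` output saved to a file (pass the file contents to `port0_hits`) to confirm what is hitting port 0 before writing any rule; if the capture shows only ICMP or fragments, the "port 0" in a traffic monitor is not a TCP/UDP port and a port-based rule will not match it. The generated rules only cover the directions actually observed; add the mirror rules by hand if you want both source and destination port 0 dropped for both protocols.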