Re: [Fwbuilder-discussion] Deny on ACK FIN
From: <va...@vk...> - 2006-04-12 21:35:45
On Apr 12, 2006, at 2:15 PM, sasa wrote:

> "Brian Diehl" wrote:
>
>> The packets in question are probably not fragmented [at least the
>> Don't Fragment (DF) flag is set].
>
> ..also if I have:
>
> Rules 0
> Source: PPP
> Destination: Interface1
> Service: any
> Action: Accept
>
> Rules 1:
> Source: Interface1
> Destination: PPP
> Service: any
> Action: Accept
>
> ..these packets are blocked! How can I make it not stop these
> packets?
> thanks.

The packets that you show log records for are not IP fragments; they are normal TCP ACK and ACK-FIN packets. There is an option in the firewall settings dialog that makes the firewall accept ESTABLISHED and RELATED packets automatically. Is this option enabled in your firewall object?

The log entries look a little strange though. The first two records show the interface through which the packet entered the firewall (IN=eth1), but they also show the interface through which the packets would have exited it if they weren't dropped (OUT=ppp0). The destination address in these packets is 10.0.0.83. Are you sure this address belongs to the firewall?

--vk
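The two checks vk applies to the log records, whether a dropped packet is really an IP fragment and whether it was transiting the firewall (IN and OUT both set) rather than addressed to it, can be run mechanically over iptables LOG output. The script below is an added example written for this page, not code from the thread or from fwbuilder. The log lines in it are constructed: they are shaped like the records the reply describes (IN=eth1 OUT=ppp0, DST=10.0.0.83, DF set, flags ACK and ACK FIN) plus a genuine UDP fragment pair for contrast, and the "RULE 2 -- DENY" prefix is an assumed fwbuilder-style log prefix. The field layout (DF/MF, FRAG:offset, TCP flag names) follows what the kernel's LOG target prints.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample iptables LOG records (not taken from the original thread).
# Lines 1-2 mimic the records the reply discusses: entered on eth1, would have
# left on ppp0, DST=10.0.0.83, DF set, TCP flags ACK and ACK FIN.
# Lines 3-4 are a real IP fragment pair (first piece carries MF, the second an
# offset) so the classifier has something to tell apart.
SAMPLE_LOG = """\
Apr 12 14:10:01 fw kernel: RULE 2 -- DENY IN=eth1 OUT=ppp0 SRC=10.0.0.5 DST=10.0.0.83 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=4421 DF PROTO=TCP SPT=3412 DPT=80 WINDOW=65535 RES=0x00 ACK URGP=0
Apr 12 14:10:02 fw kernel: RULE 2 -- DENY IN=eth1 OUT=ppp0 SRC=10.0.0.5 DST=10.0.0.83 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=4422 DF PROTO=TCP SPT=3412 DPT=80 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Apr 12 14:10:03 fw kernel: RULE 2 -- DENY IN=ppp0 OUT= SRC=192.0.2.10 DST=203.0.113.7 LEN=1500 TOS=0x00 PREC=0x00 TTL=52 ID=9001 MF PROTO=UDP SPT=53 DPT=33000 LEN=1480
Apr 12 14:10:04 fw kernel: RULE 2 -- DENY IN=ppp0 OUT= SRC=192.0.2.10 DST=203.0.113.7 LEN=520 TOS=0x00 PREC=0x00 TTL=52 ID=9001 FRAG:185 PROTO=UDP
"""

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")
# Order in which the kernel LOG target prints TCP flags.
TCP_FLAGS = ("CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN")


@dataclass
class Record:
    in_if: str
    out_if: str
    src: str
    dst: str
    proto: str
    df: bool
    fragment: bool
    flags: Tuple[str, ...]


def parse_record(line: str) -> Record:
    """Pull the fields this analysis needs out of one iptables LOG line."""
    fields = dict(FIELD_RE.findall(line))
    tokens = line.split()
    proto = fields.get("PROTO", "")
    # The kernel prints MF ("more fragments") on the first piece of a fragmented
    # datagram and FRAG:<offset> on the later pieces; DF alone means the
    # opposite, the packet may not be fragmented at all.
    fragment = "MF" in tokens or any(t.startswith("FRAG:") for t in tokens)
    flags = tuple(f for f in TCP_FLAGS if f in tokens) if proto == "TCP" else ()
    return Record(
        in_if=fields.get("IN", ""),
        out_if=fields.get("OUT", ""),
        src=fields.get("SRC", ""),
        dst=fields.get("DST", ""),
        proto=proto,
        df="DF" in tokens,
        fragment=fragment,
        flags=flags,
    )


def classify(rec: Record) -> Dict[str, str]:
    """Answer the questions the reply asks of each dropped packet."""
    if rec.in_if and rec.out_if:
        # Both interfaces set: the packet was being forwarded through the box,
        # so DST is not one of the firewall's own addresses.
        path = "forwarded"
    elif rec.in_if:
        path = "to-firewall"    # INPUT chain: only IN= is filled in
    else:
        path = "from-firewall"  # OUTPUT chain: only OUT= is filled in

    if rec.fragment:
        kind = "ip-fragment"
    elif rec.proto == "TCP" and "SYN" in rec.flags and "ACK" not in rec.flags:
        kind = "tcp-new"        # bare SYN: opening a connection
    elif rec.proto == "TCP" and "ACK" in rec.flags:
        # Any segment carrying ACK (including ACK FIN) belongs to a connection
        # conntrack already knows; an ESTABLISHED,RELATED accept rule passes it.
        kind = "tcp-established"
    else:
        kind = "other"
    return {"path": path, "kind": kind, "dst": rec.dst, "flags": " ".join(rec.flags)}


def analyze(log_text: str) -> List[Dict[str, str]]:
    """Classify every LOG record in a block of syslog text."""
    return [classify(parse_record(l)) for l in log_text.splitlines() if "IN=" in l]


if __name__ == "__main__":
    for result in analyze(SAMPLE_LOG):
        print(result)
```

Run against the constructed lines, the first two records come back as forwarded TCP segments of an established connection, not fragments, which is the reply's point: an accept rule for ESTABLISHED,RELATED state placed ahead of the deny (what the fwbuilder option emits, as an iptables `-m state --state ESTABLISHED,RELATED -j ACCEPT` rule) would pass them, and their "forwarded" path means 10.0.0.83 is somewhere behind ppp0 rather than on the firewall itself. The fragment pair is flagged separately so a DF-set packet is never mistaken for one.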