Hello,
I run a small network in my home
where I am trying to have the brunt of the network firewalling handled by a
single Linux 8.0 server. I have a DSL internet connection in which I have
the use of 5 static IPs. Since I have few client machines using this
connection, I decided to allow each machine to have a separate IP.
I am using iptables 1.2.7a and a 2.4.19 kernel
compiled with bridging and the hooks to pass packets through iptables so that I
can have a central point to apply firewalling rules. I believe this
arrangement is referred to as a bridging router. I have a default chain
specified that DROPs various incoming UDP, TCP, & ICMP echo-requests.
The problem I am experiencing is that sometimes some of these specified packets
are DROPped and sometimes they are not.
The testing method I am using
is the website at http://www.dslreports.com/scan.
They have a scanning tool that "attacks" your IP and notifies you of general
vulnerabilities and concerns. Even though I have those rules in place, I
get results that say some of my UDP ports are open, even though they should be
blocked. But I'll run the scan again and get a perfect result with no open
UDP ports. Every time I run the scan, I'm told that my IP is not pingable
so I know that at least one of the rules is working, but the others only work
sporadically.
Below is the 'iptables -nL --line-numbers' output
of that default chain...
Chain default (3 references)
num  target  prot  opt  source     destination
1    DROP    icmp  --   0.0.0.0/0  <internal net>  icmp type 8
2    DROP    tcp   --   0.0.0.0/0  <internal net>  tcp flags:0x16/0x02
3    DROP    udp   --   0.0.0.0/0  <internal net>  udp dpt:13
4    DROP    udp   --   0.0.0.0/0  <internal net>  udp dpt:37
5    DROP    udp   --   0.0.0.0/0  <internal net>  udp dpt:123
6    DROP    udp   --   0.0.0.0/0  <internal net>  udp dpt:135
7    DROP    udp   --   0.0.0.0/0  <internal net>  udp dpt:137
8    DROP    udp   --   0.0.0.0/0  <internal net>  udp dpt:138
9    DROP    udp   --   0.0.0.0/0  <internal net>  udp dpt:161
10   DROP    udp   --   0.0.0.0/0  <internal net>  udp dpt:162
11   DROP    tcp   --   0.0.0.0/0  <internal net>  tcp dpt:135
12   DROP    tcp   --   0.0.0.0/0  <internal net>  tcp dpt:139
13   DROP    tcp   --   0.0.0.0/0  <internal net>  tcp dpt:445

There are no ACCEPT rules
occurring before the default chain is called, so the various UDP & TCP
packets are still in the filter by the time they reach their respective DROP
rules.
Are these packets just going
through too quickly for iptables to drop them? If you can shed any light
on this, please let me know.
Brandon
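An added diagnostic, not part of the original post: `iptables -nL` prints no counters, so the listing above cannot show whether a DROP rule ever matched, whereas two `iptables -nvL --line-numbers` snapshots of the `default` chain taken before and after a scan can. Counter growth is also a better check than the scan verdict, because a silently dropped UDP probe produces no reply, which is exactly what a scanner sees from an open UDP port. The chain listings embedded below are constructed samples, and 192.0.2.0/29 stands in for the poster's `<internal net>`.

```python
import re

# One rule line of `iptables -nvL --line-numbers`; the -v flag adds the
# pkts/bytes counters that the poster's `iptables -nL` listing omits.
RULE_RE = re.compile(
    r"^\s*(?P<num>\d+)\s+(?P<pkts>\d+[KMG]?)\s+(?P<bytes>\d+[KMG]?)\s+(?P<target>\S+)\s+"
    r"(?P<prot>\S+)\s+(?P<opt>\S+)\s+(?P<in>\S+)\s+(?P<out>\S+)\s+(?P<src>\S+)\s+"
    r"(?P<dst>\S+)\s*(?P<match>.*)$")

def _count(s):
    """Expand the K/M/G suffixes iptables uses for large counters."""
    mult = {"K": 10**3, "M": 10**6, "G": 10**9}
    return int(s[:-1]) * mult[s[-1]] if s[-1] in mult else int(s)

def parse_chain(listing, chain):
    """Return {rule_num: (pkts, description)} for one chain of a -nvL dump."""
    rules, in_chain = {}, False
    for line in listing.splitlines():
        if line.startswith("Chain "):
            in_chain = line.split()[1] == chain
            continue
        m = RULE_RE.match(line) if in_chain else None
        if m:
            rules[int(m["num"])] = (_count(m["pkts"]), f"{m['target']} {m['match'] or m['prot']}")
    return rules

def counter_deltas(before, after, chain="default"):
    """Packet-count growth per rule between two snapshots of the same chain."""
    b, a = parse_chain(before, chain), parse_chain(after, chain)
    return {n: (a[n][0] - b[n][0], a[n][1]) for n in a if n in b}

def rules_that_fired(before, after, chain="default"):
    """Rule numbers that matched at least one packet between the snapshots."""
    return sorted(n for n, (d, _) in counter_deltas(before, after, chain).items() if d > 0)

# Constructed sample snapshots (not the poster's real listing), taken before and
# after an external scan; 192.0.2.0/29 stands in for the <internal net>.
BEFORE = """Chain default (3 references)
num   pkts bytes target     prot opt in     out     source               destination
1       12   960 DROP       icmp --  *      *       0.0.0.0/0            192.0.2.0/29        icmp type 8
2        0     0 DROP       tcp  --  *      *       0.0.0.0/0            192.0.2.0/29        tcp flags:0x16/0x02
3        0     0 DROP       udp  --  *      *       0.0.0.0/0            192.0.2.0/29        udp dpt:13
"""
AFTER = """Chain default (3 references)
num   pkts bytes target     prot opt in     out     source               destination
1       16  1280 DROP       icmp --  *      *       0.0.0.0/0            192.0.2.0/29        icmp type 8
2        3   180 DROP       tcp  --  *      *       0.0.0.0/0            192.0.2.0/29        tcp flags:0x16/0x02
3        0     0 DROP       udp  --  *      *       0.0.0.0/0            192.0.2.0/29        udp dpt:13
"""
```

Run `rules_that_fired(BEFORE, AFTER)` on real snapshots of your own chain: a UDP rule whose counter never moves during a scan was never consulted for that packet (a bridge-path or chain-ordering problem), while one that grows dropped the probe even if the scan still reported the port as open.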