On Monday 20 June 2005 10:34, terry l. ridder wrote:
> i have recently noticed that iptables is leaking blocked ip addresses
> into the local network.
>
> one example of the leak is below:
>
> 200.0.0.0/8 is dropped if the destination port is 25 (smtp).

iptables-save(8) output, please. What you posted here doesn't tell us
much.

> the large majority of the packets are dropped but a random few are
> leaking past iptables.
> 404 19712 DROP tcp -- eth2 * 200.0.0.0/8 0.0.0.0/0 tcp dpt:25
> 143 6992 DROP tcp -- eth2 * 201.0.0.0/8 0.0.0.0/0 tcp dpt:25

Put a logging rule here to prove it:

iptables -vA $CHAIN -s 200.0.0.0/7 -j LOG --log-prefix "LACNIC-leak: "

> at the 2nd line of defense the following is seen:
>
> date and time is utc.
>
> 2005-06-18 08:20:38.310864 IP 200.221.11.147.29937 > 204.238.34.206.25: R 0:0(0) win 0

What is this output?

> i also have a short web page concerning the iptables leaks at:
> http://204.238.34.206/iptables-leaks.txt

Still not clear to me. I do see that you've disabled CONFIG_IP_NF_CONNTRACK,
which is a very odd choice. Connection tracking is the strength of iptables!
-- 
mail to this address is discarded unless "/dev/rob0" or "not-spam"
is in Subject: header
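The check the reply is asking for, as an added example that is not part of the thread: parse the quoted iptables counter lines and the packets captured behind the firewall, and report any packet whose source and destination port fall inside a DROP rule that should have caught it. It assumes the captured lines are in tcpdump's text format (the thread never says what produced them); the sample data is constructed, with the first packet copied from the thread.

```python
import ipaddress

# Constructed sample: iptables -vnL style counter lines, as quoted in the thread.
RULES = """\
  404 19712 DROP tcp -- eth2 * 200.0.0.0/8 0.0.0.0/0 tcp dpt:25
  143  6992 DROP tcp -- eth2 * 201.0.0.0/8 0.0.0.0/0 tcp dpt:25
"""

# Constructed sample: packets seen behind the firewall (tcpdump text format assumed).
PACKETS = """\
2005-06-18 08:20:38.310864 IP 200.221.11.147.29937 > 204.238.34.206.25: R 0:0(0) win 0
2005-06-18 08:21:02.000001 IP 201.45.6.7.40000 > 204.238.34.206.80: S 0:0(0) win 5840
2005-06-18 08:21:09.000002 IP 198.51.100.9.51000 > 204.238.34.206.25: S 0:0(0) win 5840
"""

def parse_drop_rules(text):
    """Return (source network, destination port) for each DROP rule with a dpt: match."""
    rules = []
    for line in text.splitlines():
        f = line.split()  # pkts bytes target prot opt in out source destination [extra]
        if len(f) < 9 or f[2] != "DROP":
            continue
        dports = [t[4:] for t in f[9:] if t.startswith("dpt:")]
        if dports:
            rules.append((ipaddress.ip_network(f[7]), int(dports[0])))
    return rules

def parse_packets(text):
    """Return (source address, destination port) from tcpdump-style lines."""
    pkts = []
    for line in text.splitlines():
        f = line.split()  # date time IP src.sport > dst.dport: flags ...
        if len(f) < 6 or f[2] != "IP":
            continue
        src_ip, _ = f[3].rsplit(".", 1)
        _, dst_port = f[5].rstrip(":").rsplit(".", 1)
        pkts.append((ipaddress.ip_address(src_ip), int(dst_port)))
    return pkts

def find_leaks(rules_text, packets_text):
    """Return (src, dport, rule network) for packets a DROP rule should have matched."""
    rules = parse_drop_rules(rules_text)
    leaks = []
    for src, dport in parse_packets(packets_text):
        for net, rule_port in rules:
            if src in net and dport == rule_port:
                leaks.append((str(src), dport, str(net)))
    return leaks
```

Only the 200.221.11.147 packet is reported: the 201.x packet went to port 80, which the rule does not cover, and 198.51.100.9 is outside both dropped ranges.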