Tom Eastep
2002-Mar-03  17:11 UTC
Fwd: Re: [Shorewall-users] strange UDP scan results on a Shorewall firewall
---------- Forwarded Message ----------
Subject: Re: [Shorewall-users] strange UDP scan results on a Shorewall firewall
Date: Sun, 3 Mar 2002 08:33:20 -0800
From: Tom Eastep <teastep@shorewall.net>
To: "Scott Duncan" <sduncan@cytechconsult.com>

On Saturday 02 March 2002 04:30 am, Scott Duncan wrote:
> Yes, the net->all policy is the same on all three (REJECT log level=info).
> That was the first place I started looking. The rules files are different
> for all three firewalls. Strange.

I drug out an old 486 to test with and I've reproduced this behavior here with a policy of DROP for net->fw; that is consistent with the nmap documentation. I cannot reproduce the behavior with a policy of REJECT; that is also consistent with the nmap man page since a policy of REJECT causes ICMP port unreachable packets to be returned.

On the system where you are seeing this problem, is there perhaps a blanket DROP rule for net->fw UDP? You might try resetting the Shorewall counters (shorewall reset) then run nmap and look at the output of "shorewall show net2fw" to see which rules the packets are matching.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
-------------------------------------------------------
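The diagnostic Tom suggests (reset the counters, run the scan, then see which net2fw rules the packets hit) can be automated. This is an added example, not code from the list or from Shorewall: it parses the iptables-style output of "shorewall show net2fw" and flags whether UDP is landing on a DROP target, which is what makes nmap report open|filtered instead of closed. The chain dump below is constructed for the example; the rule set and counters are invented.

```python
import re

# Constructed sample in the format of "shorewall show net2fw"
# (iptables -L -v -n for the net2fw chain); rules and counters are invented.
SAMPLE_NET2FW = """\
Chain net2fw (1 references)
 pkts bytes target     prot opt in     out     source               destination
   12   624 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:53
 1480 64320 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0
"""

SUFFIX = {"K": 1000, "M": 1000000, "G": 1000000000}

def parse_counter(tok):
    """iptables abbreviates large counters (e.g. 12K) unless -x is given."""
    if tok[-1] in SUFFIX:
        return int(float(tok[:-1]) * SUFFIX[tok[-1]])
    return int(tok)

def parse_chain(text):
    """Return one dict per rule line: pkts, bytes, target, prot, extra match text."""
    rules = []
    for line in text.splitlines():
        fields = line.split()
        # Skip the "Chain ..." line and the column header; rule lines start with a counter.
        if len(fields) < 9 or not re.fullmatch(r"\d+(\.\d+)?[KMG]?", fields[0]):
            continue
        rules.append({
            "pkts": parse_counter(fields[0]),
            "bytes": parse_counter(fields[1]),
            "target": fields[2],
            "prot": fields[3],
            "extra": " ".join(fields[9:]),
        })
    return rules

def matched_rules(text):
    """Rules whose packet counter moved since 'shorewall reset'."""
    return [r for r in parse_chain(text) if r["pkts"] > 0]

def silent_udp_drop(text):
    """True when UDP packets are being matched by a DROP target: no ICMP port
    unreachable goes back, so nmap shows those ports as open|filtered."""
    return any(r["prot"] == "udp" and r["target"] == "DROP" and r["pkts"] > 0
               for r in parse_chain(text))
```

Run it against the real output of "shorewall show net2fw" captured after "shorewall reset" and the nmap run; a REJECT target in the same position is not flagged, because the scanner then receives the port unreachable message.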
