[Firehol-support] FIREHOL_DROP_ORPHAN_TCP_ACK_FIN
Daniel Goering
g_daniel at gmx.net
Fri Nov 30 23:18:54 GMT 2007
Hi,
I use FireHOL 1.250
recently I added the line
FIREHOL_DROP_ORPHAN_TCP_ACK_FIN=1
to my config to reduce the log output. The flag causes a lot of rules to
be generated like the following one:
DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:0x3F/0x11
but these rules don't seem to work. All of them have a packet count of
0 and I still see a lot of output in my logfiles like:
PASS-unknown:IN=eth0 OUT=ppp0 SRC=xxx.xxx.xxx.xxx
DST=yyy.yyy.yyy.yyy LEN=40 TOS=0x00 PREC=0x00 TTL=63
ID=45340 DF PROTO=TCP SPT=XXX DPT=YYY WINDOW=16296
RES=0x00 ACK FIN URGP=0
Is there something wrong with my configuration or with the way FireHOL
checks for ACK FIN?
Cheers
Daniel