[Firehol-support] Blocked Traffic from port 993 and 443

Daniel Heckl daniel.heckl at gmail.com
Wed Jun 29 16:15:18 CEST 2016


Hi Phil,

I have set FIREHOL_DROP_ORPHAN_TCP_ACK_FIN="1". The problem is still there. Another idea?

"lsof -i :993" returns no ports in CLOSE_WAIT, "lsof -i :443" returns 11 ports in CLOSE_WAIT...

Here is a snippet of my firehol.conf

# Require release 6 of FireHOL configuration directives
version 6

# log
FIREHOL_LOG_PREFIX="firehol: "
FIREHOL_DROP_ORPHAN_TCP_ACK_FIN="1"

...

# NIC connected with internet and lan
nic="eth0"

...

interface "${nic}" lan src4 "${lan} ${openvpn} ${l2tp}" src6 fc00::/7
        server ipv6error accept
        client ipv6neigh accept
        server ipv6neigh accept
        server ssh accept
        server http accept
        server https accept
        server httpalt accept
        server ICMP accept
        server ICMPV6 accept
        client all accept

interface "${nic}" internet
        server ipv6error accept
        client ipv6neigh accept
        server ipv6neigh accept
        client ipv6router accept
        server submission accept
        client submission accept
        server smtp accept
        client smtp accept
        server smtps accept
        client smtps accept
        server imap accept
        client imap accept
        server imaps accept
        client imaps accept
        client ICMP accept
        client ICMPV6 accept
        server httpalt accept
        client httpalt accept
        client http accept
        client https accept
        client snmp accept
        client ntp accept
        client ftp accept
        client ssh accept
        client traceroute accept
        client dns accept

Thanks
Daniel

> On 29.06.2016 at 14:54, Phil Whineray <phil at firehol.org> wrote:
> 
> Hi
> 
> On Wed, Jun 29, 2016 at 12:02:38PM +0200, Daniel Heckl wrote:
>> firehol/iptables blocks frequent traffic from our Google IMAP Server and one update server with port 443.
>> 
>> e.g.:
>> firehol: IN-internet:IN=eth0 OUT= MAC=00:21:5e:69:e6:3d:xx:xx:xx:xx:xx:xx:xx:xx SRC=64.233.xxx.xxx DST=10.xx.xx.xx LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=63784 PROTO=TCP SPT=993 DPT=58917 WINDOW=0 RES=0x00 RST URGP=0 
>> 
>> snippet from my firehol.conf:
>> interface eth1 internet
>>        ...
>>        server imaps accept
>>        client imaps accept
>>        client https accept
>>        ...
>> 
>> The opened ports for the https connection are in status (CLOSE_WAIT).
>> 
>> Why is my traffic blocked?
> 
> Take a look at the FIREHOL_DROP_ORPHAN_TCP_... entries here:
> 
>  http://firehol.org/firehol-manual/firehol-variables/
> 
> Essentially the connection tracker is forgetting the connection before
> the final packet is sent. You can use the variables to make firehol
> silent on the subject.
> 
> Hope that helps
> Phil
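To make the kind of log line quoted in this thread easier to triage, here is an added example (not code from the thread or from the FireHOL project) that parses firehol/iptables log lines and labels each dropped packet by what its TCP flags say about connection state. The point it makes is Phil's: a RST, FIN or bare ACK with no SYN arriving after conntrack has dropped the entry is a late teardown packet, not a connection attempt, and is what the FIREHOL_DROP_ORPHAN_TCP_... variables exist to silence; a SYN to a closed service is a different thing and should not be silenced the same way. The first sample line mirrors the packet Daniel quoted (note it carries RST, not ACK FIN); the remaining sample lines are constructed, the 203.0.113.x and 198.51.100.x addresses are documentation placeholders, and the function names are my own.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample lines in the firehol/iptables log format. The first mirrors the
# packet quoted in the thread; the rest are made up to exercise each branch below.
SAMPLE_LOG = """\
firehol: IN-internet:IN=eth0 OUT= MAC=00:21:5e:69:e6:3d:xx:xx:xx:xx:xx:xx:xx:xx SRC=64.233.xxx.xxx DST=10.xx.xx.xx LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=63784 PROTO=TCP SPT=993 DPT=58917 WINDOW=0 RES=0x00 RST URGP=0
firehol: IN-internet:IN=eth0 OUT= MAC=00:21:5e:69:e6:3d:xx:xx:xx:xx:xx:xx:xx:xx SRC=203.0.113.7 DST=10.xx.xx.xx LEN=52 TOS=0x00 PREC=0x00 TTL=52 ID=1 PROTO=TCP SPT=443 DPT=40100 WINDOW=251 RES=0x00 ACK FIN URGP=0
firehol: IN-internet:IN=eth0 OUT= MAC=00:21:5e:69:e6:3d:xx:xx:xx:xx:xx:xx:xx:xx SRC=203.0.113.7 DST=10.xx.xx.xx LEN=52 TOS=0x00 PREC=0x00 TTL=52 ID=2 PROTO=TCP SPT=443 DPT=40100 WINDOW=251 RES=0x00 ACK URGP=0
firehol: IN-internet:IN=eth0 OUT= MAC=00:21:5e:69:e6:3d:xx:xx:xx:xx:xx:xx:xx:xx SRC=198.51.100.9 DST=10.xx.xx.xx LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=5 PROTO=TCP SPT=51000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Jun 29 12:00:00 host kernel: some unrelated message
"""

# Bare tokens iptables emits for set TCP flags (everything else is key=value).
TCP_FLAG_TOKENS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}


@dataclass
class LogEntry:
    chain: str          # e.g. "IN-internet", the firehol chain that logged the packet
    fields: dict        # key=value pairs such as SRC, DST, PROTO, SPT, DPT
    flags: frozenset    # TCP flags present on the packet


def parse_line(line):
    """Parse one line carrying the 'firehol: ' prefix used in the thread.
    Returns None for lines that are not firehol log lines (hypothetical helper)."""
    m = re.search(r"firehol: ([^:\s]+):(.*)$", line)
    if not m:
        return None
    fields, flags = {}, set()
    for tok in m.group(2).split():
        if "=" in tok:
            key, _, value = tok.partition("=")
            fields[key] = value          # OUT= gives an empty value, which is fine
        elif tok in TCP_FLAG_TOKENS:
            flags.add(tok)
    return LogEntry(m.group(1), fields, frozenset(flags))


def classify(entry):
    """Label a logged packet by what its TCP flags imply about connection state.

    orphan_rst / orphan_fin / orphan_ack: packets with no SYN that belong to a connection
    conntrack no longer knows about, so they fall through to the logging rule. This is the
    "connection tracker is forgetting the connection before the final packet" case from the
    reply above, and the traffic the FIREHOL_DROP_ORPHAN_TCP_... variables are meant for.
    connection_attempt: a SYN without ACK, i.e. a new inbound connection the policy refused;
    this is the category worth keeping visible rather than silencing.
    other: non-TCP, SYN+ACK, or mid-stream data (PSH); look at these individually.
    """
    if entry.fields.get("PROTO") != "TCP":
        return "other"
    f = entry.flags
    if "SYN" in f:
        return "connection_attempt" if "ACK" not in f else "other"
    if "RST" in f:
        return "orphan_rst"
    if "FIN" in f:
        return "orphan_fin"
    if f == {"ACK"}:
        return "orphan_ack"
    return "other"


def triage(log_text):
    """Summarise a log: counts per category plus, for orphan packets, the (SRC, SPT, label)
    they came from, so the noise can be tied back to the services the policy allows."""
    counts = Counter()
    orphan_sources = Counter()
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        label = classify(entry)
        counts[label] += 1
        if label.startswith("orphan_"):
            orphan_sources[(entry.fields.get("SRC"), entry.fields.get("SPT"), label)] += 1
    return {"counts": dict(counts), "orphan_sources": dict(orphan_sources)}


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    for label, n in sorted(summary["counts"].items()):
        print(f"{label:20s} {n}")
    for (src, spt, label), n in sorted(summary["orphan_sources"].items()):
        print(f"  orphan from {src}:{spt} ({label}) x{n}")
```

Running this over a real log (e.g. piping the kernel log into `triage`) separates the late teardown packets from server ports the policy already allows (993, 443 here) from genuine refused connection attempts. The quoted packet from the Google IMAP server is classified as `orphan_rst`, not `orphan_fin`, which is worth checking against the variable list Phil linked when deciding which FIREHOL_DROP_ORPHAN_TCP_... setting applies.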
