[Firehol-support] Blocked Traffic from port 993 and 443

Phil Whineray phil at firehol.org
Wed Jun 29 13:54:02 BST 2016


Hi

On Wed, Jun 29, 2016 at 12:02:38PM +0200, Daniel Heckl wrote:
> firehol/iptables blocks frequent traffic from our Google IMAP Server and one update server with port 443.
> 
> e.g.:
> firehol: IN-internet:IN=eth0 OUT= MAC=00:21:5e:69:e6:3d:xx:xx:xx:xx:xx:xx:xx:xx SRC=64.233.xxx.xxx DST=10.xx.xx.xx LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=63784 PROTO=TCP SPT=993 DPT=58917 WINDOW=0 RES=0x00 RST URGP=0 
> 
> snipped from my firehol.conf:
> interface eth1 internet
> 	...
>         server imaps accept
>         client imaps accept
>         client https accept
> 	...
> 
> The opened ports for the https connection are in status (CLOSE_WAIT).
> 
> Why is my traffic blocked?

Take a look at the FIREHOL_DROP_ORPHAN_TCP_... entries here:

  http://firehol.org/firehol-manual/firehol-variables/

Essentially the connection tracker is forgetting the connection before
the final packet is sent. You can use the variables to make firehol
silent on the subject.

Hope that helps
Phil
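To see whether a given log line is this kind of conntrack orphan rather than a genuine inbound attempt, it helps to parse the netfilter LOG format FireHOL writes (KEY=VALUE pairs plus bare flag tokens such as RST or ACK) and classify each entry. The script below is an added example, not code from FireHOL or from this thread; the sample log lines are constructed (RFC 5737 addresses, modelled on the line quoted above), and the heuristic that a teardown packet arriving from a service port below 1024 to a local ephemeral port is a likely orphan is an assumption of the example, not a FireHOL rule.

```python
"""Triage firehol/iptables LOG lines: separate conntrack orphans from real drops.

Added example; not code from FireHOL or from the mailing-list thread.
Parses netfilter LOG output (KEY=VALUE pairs plus bare TCP flag tokens).
"""
import re
from collections import Counter
from dataclasses import dataclass, field

# Bare tokens the netfilter LOG target emits for TCP flags that are set.
TCP_FLAG_TOKENS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "CWR", "ECE"}

# Constructed sample log (documentation addresses). Line 1: RST from an IMAPS
# server to a local ephemeral port. Line 2: FIN/ACK from an HTTPS server.
# Line 3: inbound SYN to a local service port. Line 4: a UDP packet.
SAMPLE_LOG = """\
firehol: IN-internet:IN=eth0 OUT= MAC=00:21:5e:69:e6:3d:00:00:5e:00:53:01:08:00 SRC=192.0.2.10 DST=10.0.0.5 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=63784 PROTO=TCP SPT=993 DPT=58917 WINDOW=0 RES=0x00 RST URGP=0
firehol: IN-internet:IN=eth0 OUT= MAC=00:21:5e:69:e6:3d:00:00:5e:00:53:01:08:00 SRC=192.0.2.20 DST=10.0.0.5 LEN=52 TOS=0x00 PREC=0x00 TTL=52 ID=11 DF PROTO=TCP SPT=443 DPT=41234 WINDOW=235 RES=0x00 ACK FIN URGP=0
firehol: IN-internet:IN=eth0 OUT= MAC=00:21:5e:69:e6:3d:00:00:5e:00:53:01:08:00 SRC=203.0.113.7 DST=10.0.0.5 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=9 DF PROTO=TCP SPT=54321 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
firehol: IN-internet:IN=eth0 OUT= MAC=00:21:5e:69:e6:3d:00:00:5e:00:53:01:08:00 SRC=203.0.113.9 DST=10.0.0.5 LEN=78 TOS=0x00 PREC=0x00 TTL=44 ID=3 PROTO=UDP SPT=5353 DPT=5353 LEN=58
"""


@dataclass
class LogEntry:
    fields: dict = field(default_factory=dict)  # KEY=VALUE pairs, e.g. {"SPT": "993"}
    flags: set = field(default_factory=set)     # bare TCP flag tokens on the line


def parse_log_line(line):
    """Split one LOG line into KEY=VALUE fields and bare TCP flag tokens."""
    entry = LogEntry()
    # Skip the "firehol: IN-internet:" prefix: start at the first KEY= token.
    m = re.search(r"\b[A-Z]+=", line)
    body = line[m.start():] if m else line
    for tok in body.split():
        if "=" in tok:
            key, _, val = tok.partition("=")
            entry.fields[key] = val          # a repeated key (UDP LEN) keeps the last value
        elif tok in TCP_FLAG_TOKENS:
            entry.flags.add(tok)             # other bare tokens (e.g. DF) are ignored
    return entry


def classify(entry):
    """Label an entry as orphan teardown, new connection attempt, or other."""
    f, flags = entry.fields, entry.flags
    if f.get("PROTO") != "TCP":
        return "non-tcp"
    spt = int(f.get("SPT", "0"))
    dpt = int(f.get("DPT", "0"))
    if flags == {"SYN"}:
        # A bare SYN is a genuine new inbound attempt; conntrack never had
        # an entry for it, so it cannot be an orphan.
        return "new-connection-attempt"
    # Teardown packets (RST, FIN, or a lone ACK) coming from a service port to
    # a local ephemeral port: conntrack most likely forgot the connection
    # before the final packet arrived. Heuristic assumed by this example.
    is_teardown = bool(flags & {"RST", "FIN"}) or flags == {"ACK"}
    if is_teardown and spt < 1024 and dpt >= 1024:
        return "likely-orphan-teardown"
    return "unclassified"


def triage(log_text):
    """Return a Counter of classifications over every non-empty line."""
    return Counter(classify(parse_log_line(l))
                   for l in log_text.splitlines() if l.strip())


if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        e = parse_log_line(line)
        print(f"{classify(e):24} {e.fields.get('SRC')}:{e.fields.get('SPT')}"
              f" -> {e.fields.get('DPT')} flags={sorted(e.flags)}")
    print(dict(triage(SAMPLE_LOG)))
```

Run against a real FireHOL log, lines labelled likely-orphan-teardown are the ones the FIREHOL_DROP_ORPHAN_TCP_... variables would silence; lines labelled new-connection-attempt are the ones still worth reviewing.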
