This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

blocked incoming ack/psh packets

I don't consider myself to be an expert but I think I have set up the right configuration for our internal network to surf while blocking all unwanted incoming/outgoing. Every once in a while I see a ack or ack/psh package from a.b.c.d:80 to internal:>1024.
I don't know if our users are bothered with this as I never hear anything. How can I easily accept these packages or shouldn't I?

(important) rules are:
from service to action
localnet {internet} any allow
localnet any WAN allow
WAN any localnet allow
any any broadcast8/32 drop
any any any deny

{internet} contains dns, http & https

[ 08 March 2002: Message edited by: adminVMW ]

This thread was automatically locked due to age.

0 ollion over 23 years ago

adminVMW,

you shouldn't :-)
Bad Idea to open the firewall port 80 -> port > 1024
for any ;-)

These are packets to sessions which are already timed out!
Just check it by entering the IP addresses in
your browser.

Regards
ollion
Cancel
Vote Up 0 Vote Down

Cancel
0 dirkk over 22 years ago in reply to ollion

i also have the problem with blocked ack´s.

I see open snmp connections on "connection tracking" and i see the ack´s for this connections blocked.

any idea ???

Dirk
Cancel
Vote Up 0 Vote Down

Cancel
0 dirkk over 22 years ago in reply to dirkk

sorry ... some more infos:
if i setup a permit-any-any-any rule-the open snmp connections in connectiontracking will be closed.

Thanks dirk
Cancel
Vote Up 0 Vote Down

Cancel