Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 2 subscribers
  • Views 518 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

OUTPUT Chain of FW not secure

Wirrkopf
Hi there.

I just checked the Firewall Chains and there is something that I find weird..

1595  913K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp spts:1024:65535 dpts:1:65535 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp spts:1024:65535 dpts:1:65535 

There is no way I can stop the Firewall from allowing outgoing packets :-(

Any idea somebody ?

Chris


This thread was automatically locked due to age.
  • 0
    Hi there, 
    this rules are added if you activate the HTTP or the SOCKS Proxy.

    In both cases you don't know on which ports the proxy would like to connect to.
    HTTP does normally use one of those 20,21,80,443,8080,3128 but all other ports are also valid, this is why this rule gets added.

    We have plans that in a future version those rules get secured by the pid,gid of the according proxy, so no other process than this proxy is allowed to connect to those ports.

    I hope this anwsers your question.

    Kind regards
    Gert