This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Trouble with filterrules

I am having trouble with filterrules that not works.
I am trying to filter NetBios and all other unwanted protocols

It seems like the rules works better when I not use service and networkgroups.

When I looked in the kernellog I found this errormessage:

Mar 20 21:33:33 (none) kernel: request_module[net-pf-17]: waitpid(1161,...) failed, errno 1

Is ther anyone who can tell what this mean .....

This thread was automatically locked due to age.

Parents

0 Gert Hansen over 22 years ago

Hi there,

which version of ASL are you using?

What does your configuration look like?

kind regards
Gert
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Gert Hansen over 22 years ago

Hi there,

which version of ASL are you using?

What does your configuration look like?

kind regards
Gert
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Magnus_Lundberg over 22 years ago in reply to Gert Hansen

ASL 4.0

Current Packet Filter Rules :

Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination
216K  126M LOCAL      all  --  *      *       0.0.0.0/0            0.0.0.0/0
180K  122M HA         all  --  *      *       0.0.0.0/0            0.0.0.0/0
180K  122M HARDENING  all  --  *      *       0.0.0.0/0            0.0.0.0/0
180K  122M PSD_MATCHER  all  --  *      *       0.0.0.0/0            0.0.0.0/0
180K  122M FIX_CONNTRACK  all  --  *      *       0.0.0.0/0            0.0.0.0/0
180K  122M AUTO_INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0
5056  662K USR_INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0
  176 31779 LOGDROP    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination
2649 1572K LOCAL      all  --  *      *       0.0.0.0/0            0.0.0.0/0
2649 1572K HARDENING  all  --  *      *       0.0.0.0/0            0.0.0.0/0
2649 1572K PSD_MATCHER  all  --  *      *       0.0.0.0/0            0.0.0.0/0
2649 1572K FIX_CONNTRACK  all  --  *      *       0.0.0.0/0            0.0.0.0/0
2649 1572K AUTO_FORWARD  all  --  *      *       0.0.0.0/0            0.0.0.0/0
   51  2644 USR_FORWARD  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOGDROP    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination
243K  140M LOCAL      all  --  *      *       0.0.0.0/0            0.0.0.0/0
207K  136M HA         all  --  *      *       0.0.0.0/0            0.0.0.0/0
207K  136M HARDENING  all  --  *      *       0.0.0.0/0            0.0.0.0/0
207K  136M FIX_CONNTRACK  all  --  *      *       0.0.0.0/0            0.0.0.0/0
207K  136M AUTO_OUTPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    4   192 USR_OUTPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    4   192 LOGDROP    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain AUTO_FORWARD (1 references)
pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0          icmp type 8 code 0
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0          icmp type 0 code 0
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0          icmp type 8 code 0
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0          icmp type 0 code 0
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp spts:1024:65535 dpts:33000:34000
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0          icmp type 11 code 0
2598 1570K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED

Chain AUTO_INPUT (1 references)
pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       172.16.1.0/24        0.0.0.0/0          tcp spts:1:65535 dpt:1080
    0     0 ACCEPT     tcp  --  *      *       172.16.2.0/24        0.0.0.0/0          tcp spts:1:65535 dpt:1080
68963   10M ACCEPT     tcp  --  *      *       172.16.1.0/24        0.0.0.0/0          tcp spts:1:65535 dpt:8080
    0     0 ACCEPT     tcp  --  *      *       172.16.2.0/24        0.0.0.0/0          tcp spts:1:65535 dpt:8080
    0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            255.255.255.255    tcp spt:68 dpt:67
   13  4316 ACCEPT     udp  --  eth0   *       0.0.0.0/0            255.255.255.255    udp spt:68 dpt:67
    0     0 ACCEPT     tcp  --  eth0   *       172.16.1.0/24        172.16.1.1         tcp spt:68 dpt:67
    0     0 ACCEPT     udp  --  eth0   *       172.16.1.0/24        172.16.1.1         udp spt:68 dpt:67
  165 15316 ACCEPT     tcp  --  *      *       172.16.1.0/24        0.0.0.0/0          tcp dpt:22
    0     0 LOGDROP    tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:22
5981  387K ACCEPT     tcp  --  *      *       172.16.1.0/24        0.0.0.0/0          tcp spts:1024:65535 dpt:443
    0     0 LOGDROP    tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp spts:1024:65535 dpt:443
    0     0 ACCEPT     tcp  --  *      *       172.16.2.0/24        0.0.0.0/0          tcp spts:53:65535 dpt:53
    0     0 ACCEPT     udp  --  *      *       172.16.2.0/24        0.0.0.0/0          udp spts:53:65535 dpt:53
   55  2683 ACCEPT     tcp  --  *      *       172.16.1.0/24        0.0.0.0/0          tcp spts:53:65535 dpt:53
  520 32892 ACCEPT     udp  --  *      *       172.16.1.0/24        0.0.0.0/0          udp spts:53:65535 dpt:53
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp spts:1:65535 dpt:25
99324  111M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED

Chain AUTO_OUTPUT (1 references)
pkts bytes target     prot opt in     out     source               destination
  392 29792 ACCEPT     udp  --  *      *       0.0.0.0/0            192.36.143.151     udp spts:1024:65535 dpt:123
194K  129M ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp spts:1024:65535 dpts:1:65535
2515  160K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp spts:1024:65535 dpts:1:65535
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp spts:1024:65535 dpt:80
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp spts:1024:65535 dpt:443
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp spts:1024:65535 dpt:21
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp spts:1024:65535 dpt:8080
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp spts:1024:65535 dpt:389
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp spts:1:65535 dpt:222
    0     0 ACCEPT     tcp  --  *      eth0    172.16.1.1           255.255.255.255    tcp spt:67 dpt:68
    0     0 ACCEPT     udp  --  *      eth0    172.16.1.1           255.255.255.255    udp spt:67 dpt:68
    0     0 ACCEPT     tcp  --  *      eth0    172.16.1.1           172.16.1.0/24      tcp spt:67 dpt:68
    0     0 ACCEPT     udp  --  *      eth0    172.16.1.1           172.16.1.0/24      udp spt:67 dpt:68
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            212.247.227.5      tcp spts:53:65535 dpt:53
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            212.247.227.5      udp spts:53:65535 dpt:53
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            212.247.227.2      tcp spts:53:65535 dpt:53
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            212.247.227.2      udp spts:53:65535 dpt:53
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp spts:1:65535 dpt:25
10610 6970K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED

Chain FIX_CONNTRACK (3 references)
pkts bytes target     prot opt in     out     source               destination

Chain HA (2 references)
pkts bytes target     prot opt in     out     source               destination

Chain HARDENING (3 references)
pkts bytes target     prot opt in     out     source               destination

Chain LOCAL (3 references)
pkts bytes target     prot opt in     out     source               destination
35954 3995K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
35954 3995K ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0

Chain LOGDROP (6 references)
pkts bytes target     prot opt in     out     source               destination
  180 31971 LOG_CHAIN  all  --  *      *       0.0.0.0/0            0.0.0.0/0
  180 31971 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain LOGREJECT (0 references)
pkts bytes target     prot opt in     out     source               destination
    0     0 LOG_CHAIN  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          reject-with icmp-port-unreachable

Chain LOG_CHAIN (2 references)
pkts bytes target     prot opt in     out     source               destination
    5  2670 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
  171 29109 LOG        udp  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        esp  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        ah   --  *      *       0.0.0.0/0            0.0.0.0/0
    4   192 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        2    --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        47   --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        all  -f  *      *       0.0.0.0/0            0.0.0.0/0

Chain PSD_ACTION (2 references)
pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain PSD_MATCHER (2 references)
pkts bytes target     prot opt in     out     source               destination
    0     0 PSD_ACTION  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          psd options
    0     0 PSD_ACTION  udp  --  *      *       0.0.0.0/0            0.0.0.0/0          psd options

Chain USR_FORWARD (1 references)
pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       172.16.1.0/24        172.16.2.0/24
    0     0 ACCEPT     tcp  --  *      *       172.16.1.0/24        0.0.0.0/0          tcp spts:1024:65535 dpt:21
    0     0 ACCEPT     tcp  --  *      *       172.16.1.0/24        0.0.0.0/0          tcp spts:1024:65535 dpts:20:21
    0     0 ACCEPT     tcp  --  *      *       172.16.1.0/24        0.0.0.0/0          tcp spts:1024:65535 dpt:119
    0     0 ACCEPT     tcp  --  *      *       172.16.1.0/24        0.0.0.0/0          tcp spts:1:65535 dpt:53
    0     0 ACCEPT     udp  --  *      *       172.16.1.0/24        0.0.0.0/0          udp spts:1:65535 dpt:53
   44  2112 ACCEPT     tcp  --  *      *       172.16.1.0/24        0.0.0.0/0          tcp spts:1024:65535 dpt:443
    7   532 ACCEPT     udp  --  *      *       172.16.1.0/24        0.0.0.0/0          udp spt:123 dpt:123
    0     0 ACCEPT     tcp  --  *      *       172.16.1.0/24        0.0.0.0/0          tcp spts:1024:65535 dpt:110
    0     0 ACCEPT     tcp  --  *      *       172.16.1.0/24        0.0.0.0/0          tcp spts:1024:65535 dpt:1494
    0     0 ACCEPT     tcp  --  *      *       172.16.1.0/24        0.0.0.0/0          tcp spts:1024:65535 dpt:80
    0     0 ACCEPT     tcp  --  *      *       172.16.2.2           172.16.1.0/24      tcp spts:1024:65535 dpt:21
    0     0 ACCEPT     tcp  --  *      *       172.16.2.2           172.16.1.0/24      tcp spts:1024:65535 dpts:20:21
    0     0 ACCEPT     tcp  --  *      *       172.16.2.2           0.0.0.0/0          tcp spts:1024:65535 dpt:21
    0     0 ACCEPT     tcp  --  *      *       172.16.2.2           0.0.0.0/0          tcp spts:1024:65535 dpts:20:21
    0     0 ACCEPT     tcp  --  *      *       172.16.2.2           0.0.0.0/0          tcp spts:1024:65535 dpt:119
    0     0 ACCEPT     tcp  --  *      *       172.16.2.2           0.0.0.0/0          tcp spts:1:65535 dpt:53
    0     0 ACCEPT     udp  --  *      *       172.16.2.2           0.0.0.0/0          udp spts:1:65535 dpt:53
    0     0 ACCEPT     tcp  --  *      *       172.16.2.2           0.0.0.0/0          tcp spts:1024:65535 dpt:443
    0     0 ACCEPT     udp  --  *      *       172.16.2.2           0.0.0.0/0          udp spt:123 dpt:123
    0     0 ACCEPT     tcp  --  *      *       172.16.2.2           0.0.0.0/0          tcp spts:1024:65535 dpt:110
    0     0 ACCEPT     tcp  --  *      *       172.16.2.2           0.0.0.0/0          tcp spts:1024:65535 dpt:80
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            172.16.1.0/24      tcp spts:1024:65535 dpt:113
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            192.168.62.0/24    tcp spts:1024:65535 dpt:113
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            172.16.2.0/24      tcp spts:1024:65535 dpt:113
    0     0 LOGDROP    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain USR_INPUT (1 references)
pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            192.168.62.255     tcp spt:137 dpt:137
2669  231K DROP       udp  --  *      *       0.0.0.0/0            192.168.62.255     udp spt:137 dpt:137
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            172.16.1.255       tcp spt:137 dpt:137
  738 61938 DROP       udp  --  *      *       0.0.0.0/0            172.16.1.255       udp spt:137 dpt:137
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            172.16.2.255       tcp spt:137 dpt:137
    0     0 DROP       udp  --  *      *       0.0.0.0/0            172.16.2.255       udp spt:137 dpt:137
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            192.168.62.255     tcp spt:138 dpt:138
1182  274K DROP       udp  --  *      *       0.0.0.0/0            192.168.62.255     udp spt:138 dpt:138
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            172.16.1.255       tcp spt:138 dpt:138
  255 58552 DROP       udp  --  *      *       0.0.0.0/0            172.16.1.255       udp spt:138 dpt:138
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            172.16.2.255       tcp spt:138 dpt:138
    0     0 DROP       udp  --  *      *       0.0.0.0/0            172.16.2.255       udp spt:138 dpt:138
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            192.168.62.255     tcp spts:1024:65535 dpt:139
    0     0 DROP       udp  --  *      *       0.0.0.0/0            192.168.62.255     udp spts:1024:65535 dpt:139
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            172.16.1.255       tcp spts:1024:65535 dpt:139
    0     0 DROP       udp  --  *      *       0.0.0.0/0            172.16.1.255       udp spts:1024:65535 dpt:139
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            172.16.2.255       tcp spts:1024:65535 dpt:139
    0     0 DROP       udp  --  *      *       0.0.0.0/0            172.16.2.255       udp spts:1024:65535 dpt:139

Chain USR_OUTPUT (1 references)
pkts bytes target     prot opt in     out     source               destination




Current NAT rules :

Chain PREROUTING (policy ACCEPT 9993 packets, 1290K bytes)
pkts bytes target     prot opt in     out     source               destination
12655 1417K SPOOF_DROP  all  --  *      *       0.0.0.0/0            0.0.0.0/0
12655 1417K NAT_PRE    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 8394 packets, 608K bytes)
pkts bytes target     prot opt in     out     source               destination
8433  610K NAT_POST   all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 8400 packets, 609K bytes)
pkts bytes target     prot opt in     out     source               destination
8393  608K NAT_OUTPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain NAT_OUTPUT (1 references)
pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.62.0/24    tcp spts:1024:65535 dpts:20:21 to:172.16.2.2
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.62.11      tcp spts:1024:65535 dpt:21 to:172.16.2.2
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.62.11      tcp spts:1024:65535 dpt:80 to:172.16.2.2

Chain NAT_POST (1 references)
pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  *      eth1    172.16.2.0/24        0.0.0.0/0
   44  2224 MASQUERADE  all  --  *      eth1    172.16.1.0/24        0.0.0.0/0

Chain NAT_PRE (1 references)
pkts bytes target     prot opt in     out     source               destination
2662  128K REDIRECT   tcp  --  *      *       172.16.1.0/24        0.0.0.0/0          tcp spts:1024:65535 dpt:80 redir ports 8080
    0     0 REDIRECT   tcp  --  *      *       172.16.2.0/24        0.0.0.0/0          tcp spts:1024:65535 dpt:80 redir ports 8080
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.62.0/24    tcp spts:1024:65535 dpts:20:21 to:172.16.2.2
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.62.11      tcp spts:1024:65535 dpt:21 to:172.16.2.2
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.62.11      tcp spts:1024:65535 dpt:80 to:172.16.2.2

Chain SPOOF_DROP (1 references)
pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  eth2   *       172.16.2.1           0.0.0.0/0
    0     0 DROP       all  --  eth2   *       172.16.2.1           0.0.0.0/0
    0     0 LOG        all  --  eth2   *       172.16.1.0/24        0.0.0.0/0
    0     0 DROP       all  --  eth2   *       172.16.1.0/24        0.0.0.0/0
    0     0 LOG        all  --  eth2   *       192.168.62.0/24      0.0.0.0/0
    0     0 DROP       all  --  eth2   *       192.168.62.0/24      0.0.0.0/0
    0     0 LOG        all  --  eth0   *       172.16.1.1           0.0.0.0/0
    0     0 DROP       all  --  eth0   *       172.16.1.1           0.0.0.0/0
    0     0 LOG        all  --  eth0   *       172.16.2.0/24        0.0.0.0/0
    0     0 DROP       all  --  eth0   *       172.16.2.0/24        0.0.0.0/0
    0     0 LOG        all  --  eth0   *       192.168.62.0/24      0.0.0.0/0
    0     0 DROP       all  --  eth0   *       192.168.62.0/24      0.0.0.0/0
    0     0 LOG        all  --  eth1   *       192.168.62.11        0.0.0.0/0
    0     0 DROP       all  --  eth1   *       192.168.62.11        0.0.0.0/0
    0     0 LOG        all  --  eth1   *       172.16.2.0/24        0.0.0.0/0
    0     0 DROP       all  --  eth1   *       172.16.2.0/24        0.0.0.0/0
    0     0 LOG        all  --  eth1   *       172.16.1.0/24        0.0.0.0/0
    0     0 DROP       all  --  eth1   *       172.16.1.0/24        0.0.0.0/0
Cancel
Vote Up 0 Vote Down

Cancel