Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 2 subscribers
  • Views 2008 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Country Blocking Exceptions II

yabasoya
I have county blocking on and blocking most countries.  I have port 35073 open and forwarded for bittorrent.  I have and exception to allow this port through to all countries and it works 99% of the time.  However, I would say that about once a minute it blocks a connection that it wasn't supposed to.  Here is an example.

17:01:13 Country blocked UDP 10.10.150.102 : 35073  → 124.244.XX.XX : 14361 len=95 ttl=127 tos=0x00 srcmac=60:6c:66:7b:XX:XX dstmac=0:15:17:71:XX:XX 
 
17:01:17 Country blocked UDP 10.10.150.102 : 35073 → 112.198.XX:XX : 61025 len=95 ttl=127 tos=0x00 srcmac=60:6c:66:7b:XX:XX dstmac=0:15:17:71:XX:XX 
 
17:02:44 Country blocked UDP 10.10.150.102 : 35073 → 93.159.XX:XX : 15806 len=95 ttl=127 tos=0x00 srcmac=60:6c:66:7b:XX:XX dstmac=0:15:17:71:XX:XX 
 
17:04:36 Country blocked UDP 10.10.150.102 : 35073 → 128.72.XX:XX : 14851 len=95 ttl=127 tos=0x00 srcmac=60:6c:66:7b:XX:XX dstmac=0:15:17:71:XX:XX 

17:05:33 Country blocked UDP 10.10.150.102 : 35073 → 112.198.XX:XX : 61025 len=95 ttl=127 tos=0x00 srcmac=60:6c:66:7b:XX:XX dstmac=0:15:17:71:XX:XX
 
17:06:13 Country blocked UDP 10.10.150.102 : 35073 → 223.206.XX:XX : 10558 len=95 ttl=127 tos=0x00 srcmac=60:6c:66:7b:XX:XX dstmac=0:15:17:71:XX:XX 
 

The only difference between these blocked lines and the others allowed to pass is the "len=95"

Are these malformed packets or something?


This thread was automatically locked due to age.
Parents
  • 0
    First two on list..

    2014:11:10-17:01:13 ***XX ulogd[22400]: id="2021" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped (GEOIP)" action="drop" fwrule="60019" initf="eth0.150" outitf="eth1" srcmac="60:6c:66:7b:XX:XX" dstmac="0:15:17:71:XX:XX" srcip="10.10.150.102" dstip="124.244.XX:XX" proto="17" length="95" tos="0x00" prec="0x00" ttl="127" srcport="35073" dstport="14361"

    2014:11:10-17:01:17 ****** ulogd[22400]: id="2021" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped (GEOIP)" action="drop" fwrule="60019" initf="eth0.150" outitf="eth1" srcmac="60:6c:66:7b:XX:XX" dstmac="0:15:17:71:XX:XX" srcip="10.10.150.102" dstip="112.198.XX:XX" proto="17" length="95" tos="0x00" prec="0x00" ttl="127" srcport="35073" dstport="61025"
Reply
  • 0
    First two on list..

    2014:11:10-17:01:13 ***XX ulogd[22400]: id="2021" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped (GEOIP)" action="drop" fwrule="60019" initf="eth0.150" outitf="eth1" srcmac="60:6c:66:7b:XX:XX" dstmac="0:15:17:71:XX:XX" srcip="10.10.150.102" dstip="124.244.XX:XX" proto="17" length="95" tos="0x00" prec="0x00" ttl="127" srcport="35073" dstport="14361"

    2014:11:10-17:01:17 ****** ulogd[22400]: id="2021" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped (GEOIP)" action="drop" fwrule="60019" initf="eth0.150" outitf="eth1" srcmac="60:6c:66:7b:XX:XX" dstmac="0:15:17:71:XX:XX" srcip="10.10.150.102" dstip="112.198.XX:XX" proto="17" length="95" tos="0x00" prec="0x00" ttl="127" srcport="35073" dstport="61025"
Children
No Data