There seems to be a bug in ipchains. Matching port 65535 seems to
always fail. If I set the chain policy to REJECT or DENY and then
add a rule that accepts TCP to/from ports 0:65535, packets going to
port 65535 will still be caught by the kernel. Is there a fix for
this? It's driving me nuts. The firewall box is a 486 with 3 NICs and
is running kernel 2.2.18 vanilla.
Here is a piece of the kernel log:
Jan 17 15:13:03 galileo kernel: Packet log: forward REJECT eth0
PROTO=6 213.173.130.69:65535 xxx.xxx.xxx.xxx:65535 L=44 S=0x00
I=16815 F=0x00B6 T=56 (#25)
Jan 17 15:15:03 galileo kernel: Packet log: forward REJECT eth0
PROTO=6 213.173.130.69:65535 xxx.xxx.xxx.xxx:65535 L=44 S=0x00
I=19969 F=0x00B6 T=56 (#25)
Jan 17 15:17:03 galileo kernel: Packet log: forward REJECT eth0
PROTO=6 213.173.130.69:65535 xxx.xxx.xxx.xxx:65535 L=44 S=0x00
I=21869 F=0x00B6 T=56 (#25)
And here a piece of my forward chain:
ACCEPT tcp ------ anywhere myhomenet/27
any -> 1024:65535
ACCEPT udp ------ anywhere myhomenet/27
any -> 1024:65535
--
-=[ Count Zero / TBH - Jussi Hämäläinen - email [EMAIL PROTECTED] ]=-
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.tux.org/lkml/
