On Mon, Aug 4, 2014, at 14:32, Tom Eastep wrote:
> On 8/4/2014 12:31 PM, merc1...@f-m.fm wrote:
> > On Mon, Aug 4, 2014, at 09:48, Tom Eastep wrote:
> >> You can allow the connection in the NEW section but DROP the traffic in
> >> the ESTABLISHED section. That way, the connection will be made and you
> >> will be able to see it with netstat or ss, but no data will be sent.
> >
> > I'm one of those old-tyme Shorewall users (and in fact live in Shoreline
> > as well),
>
> Hi neighbor :-)

Howdy. Interesting how they're cutting down all our trees...

> > so have never needed to mess with this new NEW, ESTABLISHED,
> > etc stuff. Apparently it's to do with the rules file.
> >
> > I sure don't want to make a false move and allow this trojan to get out,
> > so can you give me complete instructions?
>
> In the rules file:
>
> ?SECTION ESTABLISHED
> DROP    net   fw    tcp   -    25
> DROP    fw    net   tcp   25
> ?SECTION NEW
> ACCEPT  fw    net   tcp   25

OK, I've set it this way and am monitoring 25 & 110.

#SECTION ESTABLISHED
DROP    net   $FW   tcp   -        25,110
DROP    $FW   net   tcp   25,110
#SECTION NEW
ACCEPT  $FW   net   tcp   25,110

These sections come after all my other rules. I infer that #SECTION ESTABLISHED and NEW just have to do with the order in which they appear, and are not specially coded to be acted on in some way.

After I made the change and stopped Shorewall, I did an iptables -L and found to my horror that my system was wide open! (ACCEPT ALL) Even though I have nothing enabled in routestopped.

policy looks like this:

net     $FW     DROP    info(uid)
net     local   DROP    info(uid)
$FW     net     DROP    info(uid)
$FW     local   DROP    info(uid)
local   net     DROP    info(uid)
local   $FW     DROP    info(uid)
#
# THE FOLLOWING POLICY MUST BE LAST
#
net     all     DROP    info(uid)
all     all     DROP    info(uid)

I don't understand why my system was wide open with Shorewall stopped?

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
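The check the poster did by eye with `iptables -L` (are the built-in filter chains sitting at policy ACCEPT with nothing in front of them?) can be scripted so it is repeatable after every `shorewall stop` or `shorewall restart`. The following is an added example and not code from the thread or from the Shorewall project; the function name `check_policies` and the two sample rule dumps are constructed for illustration. It reads `iptables -S` (iptables-save style) output from stdin, which prints one `-P CHAIN POLICY` line per built-in chain, and fails if INPUT, FORWARD or OUTPUT has any policy other than DROP.

```shell
#!/bin/sh
# Added example, not part of the mailing-list thread or of Shorewall itself.
# Reads `iptables -S` style text on stdin and reports whether the filter
# table's built-in chains are "wide open" (policy ACCEPT), which is what the
# poster saw after stopping Shorewall.

# Returns 0 when INPUT, FORWARD and OUTPUT all have a DROP policy.
# Returns 1 and names the offending chains otherwise.
check_policies() {
    awk '
        # `iptables -S` emits "-P CHAIN POLICY" for each built-in chain.
        $1 == "-P" && ($2 == "INPUT" || $2 == "FORWARD" || $2 == "OUTPUT") {
            seen[$2] = 1
            if ($3 != "DROP") { bad = bad " " $2 "=" $3 }
        }
        END {
            # A chain missing from the dump is treated as a failure too:
            # we cannot claim it is closed if we never saw its policy.
            split("INPUT FORWARD OUTPUT", want, " ")
            for (i in want) {
                if (!(want[i] in seen)) { bad = bad " " want[i] "=missing" }
            }
            if (bad != "") { print "open or unknown chains:" bad; exit 1 }
            print "all built-in filter chains have DROP policy"
        }
    '
}

# Constructed sample resembling `iptables -S` on a firewall that has been
# cleared: ACCEPT policies and no rules, i.e. the "wide open" state.
STOPPED_DUMP='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'

# Constructed sample resembling a running firewall with DROP policies and the
# NEW/ESTABLISHED split from the thread rendered as raw iptables rules:
# a new SMTP connection may open, but no established SMTP traffic passes.
RUNNING_DUMP='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A OUTPUT -p tcp -m tcp --dport 25 -m conntrack --ctstate ESTABLISHED -j DROP
-A INPUT -p tcp -m tcp --sport 25 -m conntrack --ctstate ESTABLISHED -j DROP
-A OUTPUT -p tcp -m tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT'

# Constructed sample where a chain is absent from the dump entirely.
PARTIAL_DUMP='-P INPUT DROP
-P OUTPUT DROP'

# Against the live system:  iptables -S | check_policies
# Offline, against the samples:
#   printf "%s\n" "$STOPPED_DUMP" | check_policies   (fails)
#   printf "%s\n" "$RUNNING_DUMP" | check_policies   (passes)
```

Run it right after `shorewall stop` and again after `shorewall restart`; a non-zero exit from the first run is the condition the poster is describing. The function only inspects policies, so it will still pass on a ruleset whose policies are DROP but whose rules accept everything; it is a guard against the cleared state, not a full audit of the rules.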