[nflug] IPTABLES TCP unclean
Justin Bennett
Justin.Bennett at Dynabrade.com
Thu Feb 16 13:17:43 EST 2006
This is from the man page:

    unclean
        This module takes no options, but attempts to match packets
        which seem malformed or unusual. This is regarded as
        experimental.

I assume it's not an issue if I just turn it off.
Justin Bennett
Network Administrator
Dynabrade, Inc.
8989 Sheridan Dr.
Clarence, NY 14031
On 2/16/2006 12:56 PM, Darin Perusich wrote:
> how can they not connect to your smtp server, is it their smtp server
> that can't connect? have they tried 'telnet 12.45.31.35 smtp' when you
> have the unclean enabled?
>
> Justin Bennett wrote:
>
>> I'm running an iptables firewall, I've got a rule that blocks TCP
>> Unclean packets.
>>
>> iptables -A INPUT -m unclean -j DROP
>> iptables -A FORWARD -m unclean -j DROP
>>
>> There is a customer who can't connect to our mail server, I've ruled
>> everything else out. When I comment out these two rules, he can
>> connect. There's something funky I believe with the way he is forming
>> packets. Does anyone know what this blocks? Would it be a security
>> issue if I allow tcp unclean from his ip address?
>>
>> Justin
>>
>
_______________________________________________
nflug mailing list
nflug at nflug.org
http://www.nflug.org/mailman/listinfo/nflug