ASL firewall dummy's guide

Customer support forums for Atomic Protector (formerly Atomic Secured Linux). There is no such thing as a bad question here as long as it pertains to using Atomic Protector. Newbies feel free to get help getting started or asking questions that may be obvious. Regular users are asked to be gentle. :-)
Post Reply
faris
Long Time Forum Regular
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

ASL firewall dummy's guide

Unread post by faris »

I've noticed that a number of firewall drop events for the DROP_ASL_INPUT chain are being logged where the destination port is valid and open (e.g. 443, or 80).

For example:

Code: Select all

DROP_ASL_INPUT IN=venet0 OUT= MAC= SRC=[redacted] DST=[redacted] LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=0 PROTO=TCP SPT=64424 DPT=443 SEQ=2602010600 ACK=2602010600 WINDOW=0 RES=0x00 RST URGP=0
They tend to all be RST
TCP RST packets are used to close open TCP connections gracefully. For more information about the TCP RST read RFC 793 - Transmission Control Protocol
I was wondering if it would be possible to have a kind of a dummy's guide to why RST and potentially other packets are dropped. It might be useful for those of us who aren't TCP aficionados and see interesting things like this in the logs.
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
Top
Post Reply

Return to “Atomic Protector (formerly ASL)”