Inbound UDP Services
FW_INBOUND_UDP_SERVICES: 53,67,68,123
server04 kernel: ASL_AR_DROP IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1c:c4:13:12:38:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=576 TOS=0x00 PREC=0x00 TTL=20 ID=2 PROTO=UDP SPT=68 DPT=67 LEN=556
But it's still blocking.
grep UDP /etc/asl/config
FW_INBOUND_UDP_SERVICES="53,67,68,123"
FW_OUTPUT_UDP_SERVICES="no"
Chain INPUT (policy ACCEPT)
target prot opt source destination
ASL-ACTIVE-RESPONSE all -- 31.16.167.36 0.0.0.0/0
ASL-ACTIVE-RESPONSE all -- 190.123.46.52 0.0.0.0/0
ASL-ACTIVE-RESPONSE all -- 82.40.41.200 0.0.0.0/0
ASL-ACTIVE-RESPONSE all -- 60.173.11.104 0.0.0.0/0
ASL-ACTIVE-RESPONSE all -- 88.3.6.220 0.0.0.0/0
ASL-ACTIVE-RESPONSE all -- 120.43.6.47 0.0.0.0/0
ASL-ACTIVE-RESPONSE all -- 186.242.227.160 0.0.0.0/0
ASL-ACTIVE-RESPONSE all -- 54.246.137.243 0.0.0.0/0 /* 1411073570.8507345 */
ASL-ACTIVE-RESPONSE all -- 90.195.159.64 0.0.0.0/0 /* 1411073458.8492313 */
ASL-ACTIVE-RESPONSE all -- 108.61.230.200 0.0.0.0/0 /* 1411073265.8472456 */
ASL-ACTIVE-RESPONSE all -- 2.126.132.215 0.0.0.0/0 /* 1411073249.8458950 */
ASL-ACTIVE-RESPONSE all -- 86.16.56.123 0.0.0.0/0 /* 1411073189.8450578 */
ASL-ACTIVE-RESPONSE all -- 217.146.1.38 0.0.0.0/0 /* 1411073091.8434951 */
ASL-ACTIVE-RESPONSE all -- 46.32.254.163 0.0.0.0/0 /* 1411072471.8217531 */
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ASL-ACTIVE-RESPONSE all -- 54.246.137.243 0.0.0.0/0
ASL-ACTIVE-RESPONSE all -- 2.126.132.215 0.0.0.0/0
ASL-ACTIVE-RESPONSE all -- 208.66.193.102 0.0.0.0/0
ASL-ACTIVE-RESPONSE all -- 50.87.144.145 0.0.0.0/0
ASL-ACTIVE-RESPONSE all -- 87.195.107.73 0.0.0.0/0
ASL-ACTIVE-RESPONSE all -- 209.133.111.211 0.0.0.0/0
ASL-ACTIVE-RESPONSE all -- 81.169.191.4 0.0.0.0/0
ASL-WHITELIST all -- 0.0.0.0/0 0.0.0.0/0
ASL-GEO-BLACKLIST all -- 0.0.0.0/0 0.0.0.0/0
ASL-BLACKLIST all -- 0.0.0.0/0 0.0.0.0/0
ASL-ACTIVE-RESPONSE all -- 204.51.181.169 0.0.0.0/0 /* 1410251048.579830 */
ASL-ACTIVE-RESPONSE all -- 204.51.219.57 0.0.0.0/0 /* 1410251048.579191 */
ASL-ACTIVE-RESPONSE all -- 216.121.43.105 0.0.0.0/0 /* 1410251048.578550 */
ASL-ACTIVE-RESPONSE all -- 61.174.51.214 0.0.0.0/0 /* 1410250973.577265 */
ASL-ACTIVE-RESPONSE all -- 77.73.102.87 0.0.0.0/0 /* 1410250969.575417 */
ASL-ACTIVE-RESPONSE all -- 209.141.57.41 0.0.0.0/0 /* 1410250955.573205 */
ASL-ACTIVE-RESPONSE all -- 0.0.0.0 0.0.0.0/0 /* 1410250861.569403 */
ASL-ACTIVE-RESPONSE all -- 213.251.182.11 0.0.0.0/0 /* 1410250732.568713 */
ASL-ACTIVE-RESPONSE all -- 87.195.107.70 0.0.0.0/0 /* 1410250479.565609 */
ASL-ACTIVE-RESPONSE all -- 108.161.186.122 0.0.0.0/0 /* 1410250172.564960 */
ASL-ACTIVE-RESPONSE all -- 87.195.107.116 0.0.0.0/0 /* 1410249658.560382 */
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:30000 state NEW
ASL-TORTIXD-ACL tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:30000 state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9876 /* IN_acronic */
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:21
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:106
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:113
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:110
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:143
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:465
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:587
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:990
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:993
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:995
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3306
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:5224
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:5432
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:6308
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8447
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8880
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:9080
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:11443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:11444
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:67
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:68
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:123
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 LOG flags 7 level 6 prefix `DROP_ASL_INPUT '
DROP all -- 0.0.0.0/0 0.0.0.0/0
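Added example, not part of the original thread: a check that takes the SRC and DPT of a logged drop and reports whether a host-specific rule for that source sits ahead of the first ACCEPT for the UDP port. The function names `log_field` and `first_hit` are hypothetical, the sample data is constructed (shortened and flattened into one chain from the output above, with a documentation address), and it assumes the listing is `iptables -L -n` output, where a source printed without a mask (`0.0.0.0` rather than `0.0.0.0/0`) is a single host, and that the `ASL_AR_DROP` prefix belongs to the ASL-ACTIVE-RESPONSE chain.

```shell
#!/bin/sh
# Constructed sample: a shortened form of the kernel log line shown above.
LOG_LINE='server04 kernel: ASL_AR_DROP IN=eth0 OUT= SRC=0.0.0.0 DST=255.255.255.255 PROTO=UDP SPT=68 DPT=67'

# Constructed sample: a few rules modelled on the listings above, flattened
# into one chain for illustration (192.0.2.10 is a documentation address).
RULES='Chain INPUT (policy ACCEPT)
target prot opt source destination
ASL-ACTIVE-RESPONSE all -- 192.0.2.10 0.0.0.0/0
ASL-WHITELIST all -- 0.0.0.0/0 0.0.0.0/0
ASL-ACTIVE-RESPONSE all -- 0.0.0.0 0.0.0.0/0 /* 1410250861.569403 */
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:67'

# log_field NAME LINE: print the value of the first NAME=value token
# in a netfilter log line (hypothetical helper).
log_field() {
    printf '%s\n' "$2" | tr ' ' '\n' | sed -n "s/^$1=//p" | head -n 1
}

# first_hit SRC DPORT: read an `iptables -L -n` listing on stdin and print
# "<rule number> <target> <kind>" for whichever comes first:
#   host: a rule whose source column is exactly SRC (a single-host rule)
#   port: an ACCEPT rule for udp dpt:DPORT
# Chains jumped to for any source (0.0.0.0/0) are not expanded here.
first_hit() {
    awk -v src="$1" -v dpt="$2" '
        /^Chain / || /^target / { next }    # skip the two header lines
        NF < 5 { next }                     # skip blank or truncated lines
        { n++ }                             # rule position within the chain
        $4 == src { print n, $1, "host"; exit }
        $1 == "ACCEPT" && $2 == "udp" {
            for (i = 6; i <= NF; i++)
                if ($i == "dpt:" dpt) { print n, $1, "port"; exit }
        }
    '
}

SRC=$(log_field SRC "$LOG_LINE")
DPT=$(log_field DPT "$LOG_LINE")
printf '%s\n' "$RULES" | first_hit "$SRC" "$DPT"
```

A `host` result with a lower rule number than any `port` result means the packet is handed to that host rule's target before the port allow-list is consulted.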