Still get a problem with asl-firewall

Posted: Thu Sep 18, 2014 5:19 pm
by DarkF@der
I have configured UDP to accept dhcp in the webconsole:

Inbound UDP Services

FW_INBOUND_UDP_SERVICES: 53,67,68,123

Restarted asl-firewall but no luck, still seeing these messages:

server04 kernel: ASL_AR_DROP IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1c:c4:13:12:38:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=576 TOS=0x00 PREC=0x00 TTL=20 ID=2 PROTO=UDP SPT=68 DPT=67 LEN=556

I also tried asl -s -f
But it's still blocking.

grep UDP /etc/asl/config

FW_INBOUND_UDP_SERVICES="53,67,68,123"
FW_OUTPUT_UDP_SERVICES="no"

iptables -L INPUT -n

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ASL-ACTIVE-RESPONSE  all  --  31.16.167.36         0.0.0.0/0
ASL-ACTIVE-RESPONSE  all  --  190.123.46.52        0.0.0.0/0
ASL-ACTIVE-RESPONSE  all  --  82.40.41.200         0.0.0.0/0
ASL-ACTIVE-RESPONSE  all  --  60.173.11.104        0.0.0.0/0
ASL-ACTIVE-RESPONSE  all  --  88.3.6.220           0.0.0.0/0
ASL-ACTIVE-RESPONSE  all  --  120.43.6.47          0.0.0.0/0
ASL-ACTIVE-RESPONSE  all  --  186.242.227.160      0.0.0.0/0
ASL-ACTIVE-RESPONSE  all  --  54.246.137.243       0.0.0.0/0           /* 1411073570.8507345 */
ASL-ACTIVE-RESPONSE  all  --  90.195.159.64        0.0.0.0/0           /* 1411073458.8492313 */
ASL-ACTIVE-RESPONSE  all  --  108.61.230.200       0.0.0.0/0           /* 1411073265.8472456 */
ASL-ACTIVE-RESPONSE  all  --  2.126.132.215        0.0.0.0/0           /* 1411073249.8458950 */
ASL-ACTIVE-RESPONSE  all  --  86.16.56.123         0.0.0.0/0           /* 1411073189.8450578 */
ASL-ACTIVE-RESPONSE  all  --  217.146.1.38         0.0.0.0/0           /* 1411073091.8434951 */
ASL-ACTIVE-RESPONSE  all  --  46.32.254.163        0.0.0.0/0           /* 1411072471.8217531 */
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ASL-ACTIVE-RESPONSE  all  --  54.246.137.243       0.0.0.0/0
ASL-ACTIVE-RESPONSE  all  --  2.126.132.215        0.0.0.0/0
ASL-ACTIVE-RESPONSE  all  --  208.66.193.102       0.0.0.0/0
ASL-ACTIVE-RESPONSE  all  --  50.87.144.145        0.0.0.0/0
ASL-ACTIVE-RESPONSE  all  --  87.195.107.73        0.0.0.0/0
ASL-ACTIVE-RESPONSE  all  --  209.133.111.211      0.0.0.0/0
ASL-ACTIVE-RESPONSE  all  --  81.169.191.4         0.0.0.0/0
ASL-WHITELIST  all  --  0.0.0.0/0            0.0.0.0/0
ASL-GEO-BLACKLIST  all  --  0.0.0.0/0            0.0.0.0/0
ASL-BLACKLIST  all  --  0.0.0.0/0            0.0.0.0/0
ASL-ACTIVE-RESPONSE  all  --  204.51.181.169       0.0.0.0/0           /* 1410251048.579830 */
ASL-ACTIVE-RESPONSE  all  --  204.51.219.57        0.0.0.0/0           /* 1410251048.579191 */
ASL-ACTIVE-RESPONSE  all  --  216.121.43.105       0.0.0.0/0           /* 1410251048.578550 */
ASL-ACTIVE-RESPONSE  all  --  61.174.51.214        0.0.0.0/0           /* 1410250973.577265 */
ASL-ACTIVE-RESPONSE  all  --  77.73.102.87         0.0.0.0/0           /* 1410250969.575417 */
ASL-ACTIVE-RESPONSE  all  --  209.141.57.41        0.0.0.0/0           /* 1410250955.573205 */
ASL-ACTIVE-RESPONSE  all  --  0.0.0.0              0.0.0.0/0           /* 1410250861.569403 */
ASL-ACTIVE-RESPONSE  all  --  213.251.182.11       0.0.0.0/0           /* 1410250732.568713 */
ASL-ACTIVE-RESPONSE  all  --  87.195.107.70        0.0.0.0/0           /* 1410250479.565609 */
ASL-ACTIVE-RESPONSE  all  --  108.161.186.122      0.0.0.0/0           /* 1410250172.564960 */
ASL-ACTIVE-RESPONSE  all  --  87.195.107.116       0.0.0.0/0           /* 1410249658.560382 */
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
DROP       all  --  0.0.0.0/0            0.0.0.0/0           state INVALID
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:30000 state NEW
ASL-TORTIXD-ACL  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:30000 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:9876 /* IN_acronic */

iptables -L ASL-Firewall-INPUT -n

target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:21
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:25
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:106
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:113
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:110
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:143
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:443
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:465
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:587
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:990
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:993
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:995
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:3306
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:5224
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:5432
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:6308
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:8443
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:8447
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:8880
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:9080
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:11443
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:11444
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:53
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:67
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:68
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:123
LOG        all  --  0.0.0.0/0            0.0.0.0/0           limit: avg 1/sec burst 5 LOG flags 7 level 6 prefix `DROP_ASL_INPUT '
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Re: Still get a problem with asl-firewall

Posted: Thu Sep 18, 2014 8:55 pm
by prupert
The log says 'ASL_AR_DROP' which suggests that the IP address is shunned.

I also noticed this tweet from atomicorp:
https://twitter.com/atomicorp/status/512615275859312640
"Added in code to not shun broadcast 0.0.0.0 or 255.255.255.255"

Hooray?
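As an added check (not code from this thread or from the ASL project), the following Python audits `iptables -L INPUT -n` output for ASL-ACTIVE-RESPONSE entries that match the unspecified address or the limited-broadcast address, and explains an ASL_AR_DROP line against them; the sample iptables and log input is constructed from the lines quoted in the thread, and the never-shun list is an assumption based on the tweet quoted above.

```python
# Added example (not from the thread or from ASL): audit active-response (shun)
# entries for addresses that can never be an attacking host, then explain why an
# ASL_AR_DROP line was dropped. Sample input below is constructed from the thread.
import ipaddress
import re

# Assumed never-shun list: the unspecified address (DHCP clients send from it)
# and the limited-broadcast address. Neither identifies a host to block.
NEVER_SHUN = {ipaddress.ip_address("0.0.0.0"), ipaddress.ip_address("255.255.255.255")}

IPTABLES_SAMPLE = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ASL-ACTIVE-RESPONSE  all  --  31.16.167.36         0.0.0.0/0
ASL-ACTIVE-RESPONSE  all  --  0.0.0.0              0.0.0.0/0           /* 1410250861.569403 */
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
"""

LOG_SAMPLE = ("server04 kernel: ASL_AR_DROP IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1c:c4:13:12:38:08:00 "
              "SRC=0.0.0.0 DST=255.255.255.255 LEN=576 TOS=0x00 PREC=0x00 TTL=20 ID=2 "
              "PROTO=UDP SPT=68 DPT=67 LEN=556")

def shunned_sources(iptables_output):
    """Return the source addresses matched by ASL-ACTIVE-RESPONSE rules."""
    found = set()
    for line in iptables_output.splitlines():
        cols = line.split()
        if len(cols) >= 5 and cols[0] == "ASL-ACTIVE-RESPONSE":
            # 'source' column; ip_interface also tolerates a /prefix form
            found.add(ipaddress.ip_interface(cols[3]).ip)
    return found

def bad_shuns(iptables_output):
    """Shun entries whose source is on the never-shun list."""
    return shunned_sources(iptables_output) & NEVER_SHUN

def parse_drop(logline):
    """Parse the key=value fields of an ASL_AR_DROP kernel log line, else None."""
    if "ASL_AR_DROP" not in logline:
        return None
    return dict(re.findall(r"(\w+)=(\S*)", logline))

def explain_drop(logline, iptables_output):
    """State whether a drop came from a shun on a never-shun address."""
    fields = parse_drop(logline)
    if fields is None:
        return "not an active-response drop"
    src = ipaddress.ip_address(fields["SRC"])
    if src in bad_shuns(iptables_output):
        return f"shun of {src} blocks {fields['PROTO']} {fields['SPT']}->{fields['DPT']}"
    return f"{src} dropped by active response (normal shun)"
```

Run against the real `iptables -L INPUT -n` output, a hit on 0.0.0.0 shows the DHCP DISCOVER (UDP 68->67 from SRC=0.0.0.0) is being dropped by the shun rule, which sits before the ACCEPT rules in ASL-Firewall-INPUT.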