ASL firewall dummy's guide

Posted: Fri Nov 07, 2014 7:48 pm
by faris
I've noticed that a number of firewall drop events for the DROP_ASL_INPUT chain are being logged where the destination port is valid and open (e.g. 443, or 80).

For example:

DROP_ASL_INPUT IN=venet0 OUT= MAC= SRC=[redacted] DST=[redacted] LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=0 PROTO=TCP SPT=64424 DPT=443 SEQ=2602010600 ACK=2602010600 WINDOW=0 RES=0x00 RST URGP=0
They tend to all be RST.

TCP RST packets are used to close open TCP connections gracefully. For more information about the TCP RST, read RFC 793 - Transmission Control Protocol.
I was wondering if it would be possible to have a kind of a dummy's guide to why RST and potentially other packets are dropped. It might be useful for those of us who aren't TCP aficionados and see interesting things like this in the logs.
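As an added example (not from the post or the ASL project), a small Python triage script that parses lines in the netfilter LOG format shown above and labels why each drop most likely appears in the log; it assumes the operator supplies the set of ports the host actually listens on, and the sample log lines are constructed with documentation addresses.

```python
from collections import Counter

# Constructed sample lines in the netfilter LOG format quoted in the post
# (documentation addresses, not real hosts).
SAMPLE_LOGS = [
    "DROP_ASL_INPUT IN=venet0 OUT= MAC= SRC=198.51.100.23 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 "
    "TTL=241 ID=0 PROTO=TCP SPT=64424 DPT=443 SEQ=2602010600 ACK=2602010600 WINDOW=0 RES=0x00 RST URGP=0",
    "DROP_ASL_INPUT IN=venet0 OUT= MAC= SRC=198.51.100.77 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 "
    "TTL=52 ID=12345 DF PROTO=TCP SPT=51000 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0",
    "DROP_ASL_INPUT IN=venet0 OUT= MAC= SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 "
    "TTL=48 ID=0 PROTO=TCP SPT=40000 DPT=8080 WINDOW=0 RES=0x00 ACK URGP=0",
]

TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}


def parse_netfilter_log(line):
    """Split a netfilter LOG line into its rule prefix, KEY=VALUE fields and bare TCP flag tokens."""
    tokens = line.split()
    rec = {"prefix": tokens[0], "flags": set()}
    for tok in tokens[1:]:
        if "=" in tok:
            key, value = tok.split("=", 1)   # "OUT=" and "MAC=" yield empty values
            rec[key] = value
        elif tok in TCP_FLAGS:
            rec["flags"].add(tok)
        # other bare tokens such as DF carry no flag information and are skipped
    return rec


def classify_drop(rec, open_ports):
    """Label why a dropped packet most likely shows up in the log (open_ports is supplied by the operator)."""
    if rec.get("PROTO") != "TCP":
        return "non-tcp"
    if int(rec["DPT"]) not in open_ports:
        return "closed-port"                 # nothing listens there; the drop is expected
    if rec["flags"] == {"RST"}:
        # A lone RST to an open port that matches no tracked connection is what a
        # stateful ruleset drops as INVALID, e.g. a late reset for a session whose state expired.
        return "stray-rst-to-open-port"
    if "SYN" in rec["flags"] and "ACK" not in rec["flags"]:
        return "syn-to-open-port"            # a refused new connection attempt; worth a closer look
    return "other-to-open-port"


def summarize(lines, open_ports):
    """Count drop categories over a batch of log lines."""
    return dict(Counter(classify_drop(parse_netfilter_log(ln), open_ports) for ln in lines))


if __name__ == "__main__":
    for category, count in summarize(SAMPLE_LOGS, {80, 443}).items():
        print(f"{category}: {count}")
```

Feed it the DROP_ASL_INPUT lines pulled from the kernel log and the counts show at a glance how many drops are stray resets versus refused connection attempts to ports that should be reachable.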