LinuxQuestions.org
Old 12-12-2008, 10:59 AM   #1
Fredde87
Member
 
Registered: Aug 2005
Posts: 158

Rep: Reputation: 30
Blocking all packets


Hi,

I am having some funny problems. I recently tried migrating a work project from Debian etch to Debian lenny just to see how it would work in case we decide to move to Lenny when it is finished.

One of the features our device has is that it allows users to create firewall rules and then use pppd to dial on demand. This worked fine in etch without any problems.

For testing I made a pppd call with an idle timeout of 120; I then cleared all my iptables rules and just added a drop all in every chain/table. What should happen now is that after 120 seconds pppd sees that no data has been sent in that time and drops the call.

However what I am seeing is that even though iptables drops all data the call still manages to stay up. Roughly every 30-60 seconds I can see data leaving (I can see this on my modems screen which sees ~100 bytes being sent).

I thought maybe it was conntrack doing something, so I unloaded both the conntrack module for gre and pptp, but I still see data leaving the box.

What else can send data even though iptables is blocking all data? I can only think that it must be a kernel module, am I right?


Thanks!
 
Old 12-12-2008, 11:33 AM   #2
Fredde87
Member
 
Registered: Aug 2005
Posts: 158

Original Poster
Rep: Reputation: 30
I must say, there is something about posting on LQ which stimulates your brain so that you figure it out yourself just a few minutes later.

The cause turned out to be portmap. Stopping portmap solved the problem and no data is now being sent if iptables drops all packets. Weird though, I would have thought portmap would go through iptables?
 
Old 12-12-2008, 04:23 PM   #3
x_terminat_or_3
Member
 
Registered: Mar 2007
Location: Plymouth, UK
Distribution: Fedora Core, RHEL, Arch
Posts: 342

Rep: Reputation: 38
It doesn't, not normally, but it'd depend on how exactly you told your firewall to block packets.

If it was something like:

-A OUTPUT -m state --state NEW -j DROP

Then, any active connections would still work, whereas if you had something like this:

-A OUTPUT -j DROP

nothing could get past that.

Another point of interest is that you may want to flush your firewall rules before adding a block-all; it may end up in the wrong order otherwise and be ineffective. Again, we would need to see your rule-set to be of further help.
 
Old 12-15-2008, 04:29 AM   #4
Fredde87
Member
 
Registered: Aug 2005
Posts: 158

Original Poster
Rep: Reputation: 30
Sorry, I should have been more precise. I did flush all my rules for the testing, even removing the NAT. I also did not specify a state; I literally only did the following:

iptables -F
iptables -I INPUT -j DROP
iptables -I OUTPUT -j DROP
iptables -I FORWARD -j DROP
iptables -I OUTPUT -t nat -j DROP
iptables -I PREROUTING -t nat -j DROP
iptables -I POSTROUTING -t nat -j DROP
conntrack -F   # flush existing established connections

The device would however still send data until I stopped portmap. Am I thinking correctly that it shouldn't be able to? Or am I missing something?
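Added example (not code from this thread's posters): a small Python audit of an iptables-save dump that applies x_terminat_or_3's distinction between a state-qualified DROP and a bare one, and flags a bare DROP that sits behind earlier rules, the ordering problem the flush-first advice addresses. It assumes iptables-save text as input; the dump below is constructed, modelled on this post's rule set.

```python
# Constructed sample in iptables-save format (modelled on posts #3 and #4):
# one unconditional DROP, one DROP shadowed by an ACCEPT, one stateful DROP.
SAMPLE_DUMP = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -j DROP
-A FORWARD -o ppp0 -j ACCEPT
-A FORWARD -j DROP
-A OUTPUT -m state --state NEW -j DROP
COMMIT
"""


def parse_dump(text):
    """Return {table: {chain: [rule args in order]}} from iptables-save text."""
    tables, table = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):          # table header, e.g. *filter
            table = line[1:]
            tables[table] = {}
        elif line.startswith(":"):        # chain declaration with policy
            tables[table].setdefault(line[1:].split()[0], [])
        elif line.startswith("-A "):      # appended rule: -A CHAIN <matches> -j TARGET
            _, chain, *args = line.split()
            tables[table].setdefault(chain, []).append(" ".join(args))
    return tables


def classify_chain(rules):
    """'unconditional': bare -j DROP is the first rule; 'shadowed': bare DROP
    sits behind other rules; 'stateful': only a --state/--ctstate DROP, so
    existing flows still pass; 'partial': DROP limited by other matches;
    'none': no DROP at all."""
    for idx, rule in enumerate(rules):
        if not rule.endswith("-j DROP"):
            continue
        if rule == "-j DROP":
            return "unconditional" if idx == 0 else "shadowed"
        if "--state" in rule or "--ctstate" in rule:
            return "stateful"
        return "partial"
    return "none"


def audit(text):
    """Map 'table/CHAIN' -> verdict for every chain in the dump."""
    return {f"{t}/{c}": classify_chain(r) for t, chains in parse_dump(text).items()
            for c, r in chains.items()}
```

Run it against a live box with `iptables-save | python3 audit.py` after wrapping `audit(sys.stdin.read())` in a print loop; any chain not reported as `unconditional` can still pass traffic.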
 
Old 12-15-2008, 02:16 PM   #5
x_terminat_or_3
Member
 
Registered: Mar 2007
Location: Plymouth, UK
Distribution: Fedora Core, RHEL, Arch
Posts: 342

Rep: Reputation: 38
As far as I can see, that should disallow any new and existing connections, both inbound and outbound. Also you didn't specify a device, so the same applies to the loopback adapter.

It is possible, however, that the physical layer is sending those packets, but as far as I know, it wouldn't, not after your NIC is already up.

http://en.wikipedia.org/wiki/Physical_Layer
 