I am using SuSE 9.1 and SuSEfirewall2. I am trying to block port 1433 and after Googling for examples, I have put the following rule into my SuSEfirewall2-custom (IP address disguised):
fw_custom_before_denyall() { # could also be named "after_forwardmasq()" # these are the rules to be loaded after IP forwarding and masquerading # but before ...[snip]... iptables -A INPUT -i eth0 -d 82.70.xxx.xxx -p tcp --dport 1433 -j DROP
true }But looking at the logs, I still see packets being accepted (3 entries below). Can someone please explain?
Jun 25 17:23:22 mailhost kernel: SuSE-FW-ACCEPT IN=eth0 OUT= MAC=00:02:44:16:17:0d:00:09:5b:00:6f:8c:08:00 SRC=82.67.164.238 DST=82.70.xxx.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=14310 DF PROTO=TCP SPT=1233 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402) Jun 25 17:23:23 mailhost kernel: SuSE-FW-ACCEPT IN=eth0 OUT= MAC=00:02:44:16:17:0d:00:09:5b:00:6f:8c:08:00 SRC=82.67.164.238 DST=82.70.xxx.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=14356 DF PROTO=TCP SPT=1233 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Jun 25 17:23:24 mailhost kernel: SuSE-FW-ACCEPT IN=eth0 OUT= MAC=00:02:44:16:17:0d:00:09:5b:00:6f:8c:08:00 SRC=82.67.164.238 DST=82.70.xxx.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=14406 DF PROTO=TCP SPT=1233 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Thanks.