Topic: Block RST packet (Sandvine)  (Read 4116 times)
« on: October 20, 2007, 05:31:36 »
verbunk *
Posts: 2

Hi Guys,

In response to all this chatter about Comcast using the Sandvine appliance to forge RST packets when torrenting, I'd like to use my m0n0 box to block those packets from my network.

I realize they are a useful part of the internet, but I still want to try it out. I host some open source projects and am pretty steamed Comcast is doing this. >:|

-James
« Reply #1 on: November 02, 2007, 03:51:10 »
cmb *****
Posts: 851

You can't do this with m0n0wall (without some hacking) because as far as it can tell, the RST packets are a valid part of the connection state and are hence passed.

I think you should be able to do this by hacking together some ipfw rules, since ipf is the filter with the state, it won't be affected by your state table. 
« Reply #2 on: November 02, 2007, 04:40:46 »
verbunk *
Posts: 2

I noticed that in the Traffic Shaper config there exists some functionality to check for RST in the TCP header. I was just hoping that could extend to the firewall rules to actually do something with them. Anyhoo, it seems that Comcast isn't pulling any of this in my city, so it's not dire for me.

Thanks!

-James
« Reply #3 on: November 03, 2007, 04:31:18 »
cmb *****
Posts: 851

The traffic shaper uses ipfw also, and yes, ipfw is capable of this. But not in the GUI, because the traffic shaper can't block traffic. Restricting it wouldn't work.

Info on how you can accomplish this here.
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html
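Following cmb's pointer to ipfw, here is an added example (not code from this thread or from m0n0wall) of what "hacking together some ipfw rules" against injected resets could look like; the WAN interface name sis0, the port range 6881-6889 and the rule numbers are assumed placeholders.

```shell
#!/bin/sh
# Added example: generate ipfw rules that drop TCP RST segments arriving on the
# WAN side for a local BitTorrent client. Not code from the thread or m0n0wall.
# Assumed values: WAN_IF is the WAN interface, BT_PORTS the client's listening
# port range; both are placeholders, set them for your own box.
WAN_IF="${WAN_IF:-sis0}"
BT_PORTS="${BT_PORTS:-6881-6889}"
RULE_BASE="${RULE_BASE:-1000}"   # pick a range the shaper doesn't use (check: ipfw list)

# Print the ipfw commands rather than running them, so they can be reviewed first.
# Mode "listen" only covers connections peers open to our listening ports; mode
# "all" additionally drops every inbound RST, which also covers connections the
# client opened itself (their local port is ephemeral, so dst-port can't match it).
gen_rules() {
    mode="${1:-listen}"
    # "tcpflags rst" matches segments with the RST bit set; "in via" limits the
    # rule to packets entering on the WAN interface; "log" records each hit so
    # suspected forged resets can be counted with "ipfw -a list" before keeping the rule.
    echo "ipfw add $RULE_BASE deny log tcp from any to any dst-port $BT_PORTS tcpflags rst in via $WAN_IF"
    if [ "$mode" = "all" ]; then
        echo "ipfw add $((RULE_BASE + 1)) deny log tcp from any to any tcpflags rst in via $WAN_IF"
    fi
}

# Number of rules a given mode produces (for scripting and for checking the output).
rule_count() {
    gen_rules "$1" | wc -l | tr -d ' '
}

# Usage: sh block_rst.sh [listen|all]        -> print the rules for review
#        sh block_rst.sh apply [listen|all]  -> install them (root, ipfw loaded)
# Caveats: legitimate RSTs on those ports are dropped too, so aborted connections
# linger until the state table times them out, and the forged RST sent to the
# remote peer is beyond this box's reach; only the copy aimed at the LAN is stopped.
case "${1:-}" in
    apply) gen_rules "${2:-listen}" | sh ;;
    *)     gen_rules "${1:-listen}" ;;
esac
```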