Search this site:

Why is my firewall leaking packets?

As we Amiga fans and ex-users use to say: “Oh, no, not Boing again”. The network has been quite shitty for the last couple of days here at IIEc. I was a bit pissed at it - but hey, I have one of those surges of things to do. I have not seriously even read my mail for most of the week… It’ll get better eventually. :-/ Today, my boss came to my office, and we started talking about why the network was so fscking shitty. He told me there was a new virus on the loose there - Perhaps I could stop it with the firewall? Well, just to a certain point, as I cannot control what enters our users’ mail - after all, most of them have their mail at, one of this University’s largest sources of headache… No, he says this virus spreads itself via SMB connections… And we have already two machines that caught it. Hmmmm… After a quick tcpdump, I see some packets from outside my network. A shiver… iptables-save… Empty rulelist… Well, it turns out that some days ago, I was debugging some rules, as some machines at our library couldn’t connect to a service they require, which is provided as an Access-based system on a remote SMB share. I disabled the firewalling rules to rule out I was the culprit. The problem persisted. I was on the phone for ~20 minutes with the guys at DGB… And, yes, as I am looking at too many things at once, I simply forgot to turn them back on. As a result, two users got infected. This particular virus seems to wipe the MBR or something like that - And, as I don’t usually fix virus-related problems (thanks $DEITY), I didn’t offer my help to rescue the data. Two users lost some days worth of job just because I forgot to re-enable the rules… Well, they run Windows, so at least I am sure they now have a faster machine ;-) But anyway, it is depressing to screw up this badly so easily.