[Leaplist] Oddball iptables messages in my syslog file ....
Scott Moe
smoe888 at yahoo.com
Fri Sep 19 09:17:20 EDT 2008
Looks like you have your log and drop rule on the FORWARD hook of the filter table, but I'm not sure about that. I'd move it to the end of the INPUT hook and add this rule:
iptables -t filter -I INPUT -p tcp --dport 22 -i eth0 -s 192.168.0.0/24 -j ACCEPT
to just accept any ssh packets from the LAN.
Sure is fun to roll your own firewall.
Scott Moe
----- Original Message ----
From: William A. Mahaffey III <wam at hiwaay.net>
To: Linux Group HuntsVegas <luna-list at luna.huntsville.al.us>
Cc: Linux Enthusiasts & Professionals <leaplist at leap-cf.org>
Sent: Friday, September 19, 2008 8:37:36 AM
Subject: [Leaplist] Oddball iptables messages in my syslog file ....
.... I have 2 linux boxen on my LAN, 1 (this box) an AMD64X2 running
FC9, the other an Intel Q6600 sorta-server running FC7 in runlevel 3. I
have iptables running on both boxen, with a rule at the end to log
whatever traffic it doesn't pass & then drop it. I log into the Q6600
from the FC9 box & often stay logged in for weeks/months. I get many
messages in the syslog file on the Q6600 like this:
Sep 19 04:21:18 Q6600 kernel: FWDROP:FW:IN=eth0 OUT= MAC=00:1a:4d:84:4d:89:00:1a:4d:41:55:27:08:00 SRC=192.168.0.4 DST=192.168.0.9 LEN=100 TOS=0x08 PREC=0x00 TTL=64 ID=65128 DF PROTO=TCP SPT=22 DPT=54804 WINDOW=657 RES=0x00 ACK PSH URGP=0
Sep 19 04:22:02 Q6600 kernel: FWDROP:FW:IN=eth0 OUT= MAC=00:1a:4d:84:4d:89:00:1a:4d:41:55:27:08:00 SRC=192.168.0.4 DST=192.168.0.9 LEN=100 TOS=0x08 PREC=0x00 TTL=64 ID=8822 DF PROTO=TCP SPT=22 DPT=36486 WINDOW=2309 RES=0x00 ACK PSH URGP=0
Sep 19 04:22:02 Q6600 kernel: FWDROP:FW:IN=eth0 OUT= MAC=00:1a:4d:84:4d:89:00:1a:4d:41:55:27:08:00 SRC=192.168.0.4 DST=192.168.0.9 LEN=100 TOS=0x08 PREC=0x00 TTL=64 ID=9021 DF PROTO=TCP SPT=22 DPT=36486 WINDOW=4618 RES=0x00 ACK PSH URGP=0
Sep 19 04:23:21 Q6600 kernel: FWDROP:FW:IN=eth0 OUT= MAC=00:1a:4d:84:4d:89:00:1a:4d:41:55:27:08:00 SRC=192.168.0.4 DST=192.168.0.9 LEN=100 TOS=0x08 PREC=0x00 TTL=64 ID=12000 DF PROTO=TCP SPT=22 DPT=36494 WINDOW=2218 RES=0x00 ACK PSH URGP=0
That MAC address is the concatenation of the MAC address on the 2
machines. Spt 22 is ssh, presumably from the FC9 box into the Q6600.
Everything (logins/shells under SSH) is working AOK, just lots of stuff
in the syslog file as above. This just started happening a few weeks ago
after a 'yum update all' on the FC9 box. What is causing this clutter ?
How do I stop it, so more important stuff in the syslog file is not
drowned out by these messages ? TIA ....
--
William A. Mahaffey III
----------------------------------------------------------------------
"The M1 Garand is without doubt the finest implement of war
ever devised by man."
-- Gen. George S. Patton Jr.
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
_______________________________________________
Leaplist mailing list
Leaplist at leap-cf.org
http://lists.leap-cf.org/mailman/listinfo/leaplist
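
The log entries quoted in the original message, parsed field by field, as an added example that is not part of either post: it splits the MAC= value into destination MAC, source MAC and EtherType, uses IN=/OUT= to tell locally delivered packets from forwarded ones, and labels each TCP packet by its flags and ports. The function names, the port-1024 threshold and the constructed SYN line are assumptions made for illustration.

```python
from collections import Counter
# The four entries quoted in the thread, each rejoined onto one line.
THREAD_LOG = [
    "Sep 19 04:21:18 Q6600 kernel: FWDROP:FW:IN=eth0 OUT= MAC=00:1a:4d:84:4d:89:00:1a:4d:41:55:27:08:00 SRC=192.168.0.4 DST=192.168.0.9 LEN=100 TOS=0x08 PREC=0x00 TTL=64 ID=65128 DF PROTO=TCP SPT=22 DPT=54804 WINDOW=657 RES=0x00 ACK PSH URGP=0",
    "Sep 19 04:22:02 Q6600 kernel: FWDROP:FW:IN=eth0 OUT= MAC=00:1a:4d:84:4d:89:00:1a:4d:41:55:27:08:00 SRC=192.168.0.4 DST=192.168.0.9 LEN=100 TOS=0x08 PREC=0x00 TTL=64 ID=8822 DF PROTO=TCP SPT=22 DPT=36486 WINDOW=2309 RES=0x00 ACK PSH URGP=0",
    "Sep 19 04:22:02 Q6600 kernel: FWDROP:FW:IN=eth0 OUT= MAC=00:1a:4d:84:4d:89:00:1a:4d:41:55:27:08:00 SRC=192.168.0.4 DST=192.168.0.9 LEN=100 TOS=0x08 PREC=0x00 TTL=64 ID=9021 DF PROTO=TCP SPT=22 DPT=36486 WINDOW=4618 RES=0x00 ACK PSH URGP=0",
    "Sep 19 04:23:21 Q6600 kernel: FWDROP:FW:IN=eth0 OUT= MAC=00:1a:4d:84:4d:89:00:1a:4d:41:55:27:08:00 SRC=192.168.0.4 DST=192.168.0.9 LEN=100 TOS=0x08 PREC=0x00 TTL=64 ID=12000 DF PROTO=TCP SPT=22 DPT=36494 WINDOW=2218 RES=0x00 ACK PSH URGP=0",
]
# Constructed contrast line (not from the thread): a bare SYN to port 22.
CONSTRUCTED_SYN = "Sep 19 04:30:00 Q6600 kernel: FWDROP:FW:IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=192.168.0.9 DST=192.168.0.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0"

def parse_entry(line):
    """Split one netfilter LOG line into KEY=VALUE fields and bare flag tokens."""
    start = line.find("IN=")  # the thread's log prefix runs straight into IN=
    if start < 0:
        return None  # not a netfilter LOG entry
    entry = {"flags": set()}
    for tok in line[start:].split():
        key, sep, val = tok.partition("=")
        if sep:
            entry[key] = val
        else:
            entry["flags"].add(tok)  # DF, SYN, ACK, PSH, ...
    octets = entry.get("MAC", "").split(":")
    if len(octets) == 14:  # Ethernet header: destination MAC, source MAC, EtherType
        entry["dst_mac"], entry["src_mac"] = ":".join(octets[:6]), ":".join(octets[6:12])
        entry["ethertype"] = "".join(octets[12:])
    return entry

def hook_path(entry):
    # LOG fills in both IN= and OUT= only for packets being forwarded.
    if entry.get("IN") and entry.get("OUT"):
        return "forwarded"
    return "local-in" if entry.get("IN") else "local-out"

def tcp_kind(entry):
    if entry.get("PROTO") != "TCP":
        return "non-tcp"
    if "SYN" in entry["flags"] and "ACK" not in entry["flags"]:
        return "new-connection"
    # ACK from a low source port to a high destination port: a service answering a client.
    if "ACK" in entry["flags"] and int(entry.get("SPT", 0)) < 1024 <= int(entry.get("DPT", 0)):
        return "reply-from-service"
    return "other"

def summarize(lines):
    counts = Counter()
    for e in filter(None, map(parse_entry, lines)):
        counts[(hook_path(e), tcp_kind(e), e["SRC"], e.get("SPT"), e["DST"])] += 1
    return counts
```
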