IPTABLES logging (was: NTP, ntpdate and ISP-based firewall)
Don Levey
fedora-list at the-leveys.us
Wed Mar 10 13:42:15 UTC 2004
On Tue, 2004-03-09 at 22:23, Don Levey wrote:
> Interestingly, shortly after I enabled these logs, I'm noticing two
> logged block messages. However, they are from addresses I didn't think
> I was blocking. The addresses in question are:
> 218.9.130.252
> 218.72.107.86
> but the only rule I have that's even close is:
> -A RH-Lokkit-0-50-INPUT -s 218.148.121.0/8 -j LOG --log-level WARN
> --log-prefix IPTABLES-REJECT-09- --log-ip-options --log-tcp-options
> -A RH-Lokkit-0-50-INPUT -s 218.148.121.0/8 -j REJECT
>
> (I've added numbers to the prefixes for debugging purposes, but so far I
> haven't logged another message). I would imagine that these messages
> wouldn't be from the rules above, as the addresses don't match.
> However, the overall blanket blocks at the end aren't logged, and the
> outside firewall seems to log other accesses to that server which are
> *not* getting logged but are also not on permitted ports (in particular,
> 135). Any thoughts?
> -Don
>
>
Silly me, I misinterpreted the rule I wrote regarding the 218.x.x.x/8.
*never mind*...
-Don
More information about the fedora-list
mailing list