iptable log-message
jdow
jdow at earthlink.net
Mon May 28 03:08:52 UTC 2007
From: "Tim" <ignored_mailbox at yahoo.com.au>
> Harald Hoyer
>>>> ------- iptables firewall Begin --------
>>>>
>>>> Logged 171 packets on interface eth0
>>>> From 137.227.xxx.xxx - 171 packets to tcp(N1,N2,N3,...,Nn)
>
>
> jdow:
>> The log message suggests that iptables is already dropping or
>> rejecting the packets and logging them.
>
> Not intuitively... That says it logged them, it doesn't explicitly say
> it's logged prevented connections. It'd be less worrying for people if
> it said "logged and dropped packets," or words to that effect. For all
> you know, it's logged something unusual that *happened*.
>
> --
> (This box runs FC6, my others run FC4 & FC5, in case that's
> important to the thread.)
That depends on the way the firewall is setup. Mine, which is a roll
your own firewall, ends up looking like this:
Logged 472 packets on interface eth1
From 8.36.154.121 - 1 packet to udp(1026)
From 12.129.147.9 - 6 packets to udp(33436)
From 22.157.218.75 - 1 packet to udp(1026)
....
Those are all dropped and logged.
(The Washington Post? (12.129.147.9) Really. They are snoopy sorts,
aren't they?)
{^_^}
More information about the fedora-list
mailing list