
iptables problem



I have the following rules set up to handle bad packets. I extracted this from the output of "service iptables status":

Chain bad_packets (1 references)
target     prot opt source               destination
LOG        all  --  0.0.0.0/0            0.0.0.0/0           state INVALID LOG flags 0 level 4 prefix `Invalid packet: '
DROP       all  --  0.0.0.0/0            0.0.0.0/0           state INVALID
bad_tcp_packets  tcp  --  0.0.0.0/0            0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

The rules in /etc/sysconfig/iptables are:

-A bad_packets -m state --state INVALID -j LOG --log-prefix "Invalid packet: "
-A bad_packets -m state --state INVALID -j DROP
-A bad_packets -p tcp -j bad_tcp_packets
-A bad_packets -j RETURN


The thing is, the "Invalid packet" rule catches a few hundred packets a day, and logs them. A number of those packets come from 209.132.177.100 (xmlrpc.rhn.redhat.com), the rhn up2date server. The LogWatch output can look like this:

From 209.132.177.100 - 24 packets
  To 10.1.5.154 - 24 packets
     Service: 33353 (tcp/33353) (Invalid packet:,eth0,none) - 4 packets
     Service: 33935 (tcp/33935) (Invalid packet:,eth0,none) - 10 packets
     Service: 33951 (tcp/33951) (Invalid packet:,eth0,none) - 10 packets


I get LogWatch entries like this every time I run up2date. I am assuming that there is some problem with the iptables rules I have set up, but I don't know what they might be.

Does anyone have any thoughts on this?

Bill
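An added example, not part of Bill's post, that parses the raw kernel lines the `-j LOG --log-prefix "Invalid packet: "` rule writes to syslog, reproduces the per-source/per-port counts LogWatch prints, and attaches a triage tag to each packet. The log lines are constructed in the format the netfilter LOG target emits (SRC=, DST=, PROTO=, SPT=, DPT= and bare TCP flag words); the `late-segment` heuristic assumes the remote server speaks from a privileged port such as 443 and that the local ephemeral port range starts at 32768, the Linux default. Both the sample data and the threshold are assumptions for the example.

```python
from collections import Counter
from dataclasses import dataclass

# Prefix from the post's LOG rule; everything after it is the kernel's packet dump.
PREFIX = "Invalid packet: "
TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}
EPHEMERAL_MIN = 32768  # assumed local ephemeral port floor (Linux default)

# Constructed sample syslog lines (MAC= field omitted); not taken from the post.
SAMPLE_LOG = """\
Apr  3 10:12:01 host kernel: Invalid packet: IN=eth0 OUT= SRC=209.132.177.100 DST=10.1.5.154 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=443 DPT=33353 WINDOW=0 RES=0x00 ACK RST URGP=0
Apr  3 10:12:01 host kernel: Invalid packet: IN=eth0 OUT= SRC=209.132.177.100 DST=10.1.5.154 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=443 DPT=33353 WINDOW=0 RES=0x00 ACK RST URGP=0
Apr  3 10:12:02 host kernel: Invalid packet: IN=eth0 OUT= SRC=209.132.177.100 DST=10.1.5.154 LEN=52 TOS=0x00 PREC=0x00 TTL=52 ID=1234 DF PROTO=TCP SPT=443 DPT=33935 WINDOW=0 RES=0x00 ACK FIN URGP=0
Apr  3 10:12:02 host kernel: Invalid packet: IN=eth0 OUT= SRC=198.51.100.7 DST=10.1.5.154 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=777 PROTO=TCP SPT=6000 DPT=22 WINDOW=1024 RES=0x00 SYN FIN URGP=0
Apr  3 10:12:03 host kernel: eth0: link is up
"""


@dataclass(frozen=True)
class Entry:
    iface: str
    src: str
    dst: str
    proto: str
    spt: int
    dpt: int
    flags: frozenset


def parse_log_line(line):
    """Parse one kernel LOG line carrying the post's prefix.

    Returns an Entry for TCP/UDP lines and None for anything else
    (other syslog lines, or protocols without ports such as ICMP).
    """
    idx = line.find(PREFIX)
    if idx < 0:
        return None
    fields, flags = {}, set()
    for tok in line[idx + len(PREFIX):].split():
        if "=" in tok:
            key, val = tok.split("=", 1)
            fields[key] = val
        elif tok in TCP_FLAGS:  # bare words like ACK, RST, FIN; DF/MF are IP flags
            flags.add(tok)
    if fields.get("PROTO") not in ("TCP", "UDP"):
        return None
    return Entry(fields.get("IN", ""), fields["SRC"], fields["DST"],
                 fields["PROTO"].lower(), int(fields["SPT"]), int(fields["DPT"]),
                 frozenset(flags))


def summarize(lines):
    """Count packets per (src, dst, dpt): the grouping LogWatch shows."""
    counts = Counter()
    for line in lines:
        entry = parse_log_line(line)
        if entry is not None:
            counts[(entry.src, entry.dst, entry.dpt)] += 1
    return counts


def classify(entry):
    """Triage hint, not a verdict.

    Teardown or reset segments (ACK/FIN/RST only) from a server port to one
    of our ephemeral ports are what a closed-and-forgotten session looks like
    once conntrack has dropped its entry; anything else is left for review.
    """
    if (entry.proto == "tcp" and entry.flags <= {"ACK", "FIN", "RST"}
            and entry.spt < 1024 and entry.dpt >= EPHEMERAL_MIN):
        return "late-segment"
    return "review"


def report(lines):
    """Render the counts in a LogWatch-like shape, one string per (src, dst, port)."""
    return [f"From {src} to {dst} service tcp/{dpt} - {n} packets"
            for (src, dst, dpt), n in sorted(summarize(lines).items())]


if __name__ == "__main__":
    log_lines = SAMPLE_LOG.splitlines()
    for row in report(log_lines):
        print(row)
    for line in log_lines:
        entry = parse_log_line(line)
        if entry is not None:
            print(f"{entry.src}:{entry.spt} -> {entry.dst}:{entry.dpt} "
                  f"{' '.join(sorted(entry.flags))} => {classify(entry)}")
```

Running this over the real `/var/log/messages` (feed the file's lines to `report` and `classify`) separates the bulk of "Invalid packet" entries by what they are, rather than only by count. The split matters for the question in the post: conntrack marks a segment INVALID when it cannot match it to a tracked connection or it is out of sequence for that connection's state, so a run of ACK/RST segments from port 443 to high local ports right after an up2date session has ended is a different thing from unsolicited traffic with odd flag combinations to a listening port, and the two deserve different follow-up.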


