iptables problem

Bill Tangren bjt at aa.usno.navy.mil
Wed Oct 19 17:56:46 UTC 2005


I have the following rules set up to handle bad packets. I extracted 
this from the output of "service iptables status":

Chain bad_packets (1 references)
target     prot opt source               destination
LOG        all  --  0.0.0.0/0            0.0.0.0/0           state INVALID LOG flags 0 level 4 prefix `Invalid packet: '
DROP       all  --  0.0.0.0/0            0.0.0.0/0           state INVALID
bad_tcp_packets  tcp  --  0.0.0.0/0            0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

The rules in /etc/sysconfig/iptables are:

-A bad_packets -m state --state INVALID -j LOG --log-prefix "Invalid packet: "
-A bad_packets -m state --state INVALID -j DROP
-A bad_packets -p tcp -j bad_tcp_packets
-A bad_packets -j RETURN


The thing is, the "Invalid packet" rule catches a few hundred packets a 
day, and logs them. A number of those packets come from 209.132.177.100 
(xmlrpc.rhn.redhat.com), the rhn up2date server. The LogWatch output can 
look like this:

 From 209.132.177.100 - 24 packets
   To 10.1.5.154 - 24 packets
      Service: 33353 (tcp/33353) (Invalid packet:,eth0,none) - 4 packets
      Service: 33935 (tcp/33935) (Invalid packet:,eth0,none) - 10 packets
      Service: 33951 (tcp/33951) (Invalid packet:,eth0,none) - 10 packets


I get LogWatch entries like this every time I run up2date. I am assuming 
that there is some problem with the iptables rules I have set up, but I 
don't know what they might be.

Does anyone have any thoughts on this?

Bill
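
An added example, not part of the original post: LogWatch reduces the kernel LOG lines to per-port counts, but the raw syslog lines also carry the TCP flags of each packet that the state match classified as INVALID. The Python sketch below tallies lines bearing the post's "Invalid packet: " prefix by source, destination, port and flags; the sample log lines (hostname, MAC, source port, flags) are constructed for illustration.

```python
import re
import sys
from collections import Counter

PREFIX = "Invalid packet: "  # --log-prefix of the bad_packets LOG rule in the post
TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")

# Constructed sample lines in the netfilter LOG layout; hostname, MAC, source
# port and flags are made up for illustration and are not taken from the post.
SAMPLE_LOG = """\
Oct 19 13:02:11 host kernel: Invalid packet: IN=eth0 OUT= MAC=00:00:00:00:00:01:00:00:00:00:00:02:08:00 SRC=209.132.177.100 DST=10.1.5.154 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=443 DPT=33353 WINDOW=0 RES=0x00 RST URGP=0
Oct 19 13:02:12 host kernel: Invalid packet: IN=eth0 OUT= MAC=00:00:00:00:00:01:00:00:00:00:00:02:08:00 SRC=209.132.177.100 DST=10.1.5.154 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=443 DPT=33353 WINDOW=0 RES=0x00 RST URGP=0
Oct 19 13:02:40 host kernel: Invalid packet: IN=eth0 OUT= MAC=00:00:00:00:00:01:00:00:00:00:00:02:08:00 SRC=209.132.177.100 DST=10.1.5.154 LEN=52 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF PROTO=TCP SPT=443 DPT=33935 WINDOW=6432 RES=0x00 ACK FIN URGP=0
Oct 19 13:02:41 host kernel: eth0: link up
"""

def parse_line(line):
    """Return src/dst/dpt/flags for a LOG line carrying PREFIX, else None."""
    _, found, body = line.partition(PREFIX)
    if not found:
        return None
    fields = dict(FIELD_RE.findall(body))
    flags = []
    if fields.get("PROTO") == "TCP":
        # The kernel prints the set TCP flags as bare tokens between RES= and URGP=.
        flags = [tok for tok in body.split() if tok in TCP_FLAGS]
    return {
        "src": fields.get("SRC", "?"),
        "dst": fields.get("DST", "?"),
        "dpt": fields.get("DPT", "-"),
        "flags": ",".join(flags) or "none",
    }

def summarize(log_text):
    """Count logged packets per (src, dst, dpt, flags)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            counts[(rec["src"], rec["dst"], rec["dpt"], rec["flags"])] += 1
    return counts

if __name__ == "__main__":
    # Pass a syslog file as the first argument, or run without one to use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    for (src, dst, dpt, flags), n in summarize(text).most_common():
        print(f"{n:5d}  {src} -> {dst}:{dpt}  flags={flags}")
```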



