[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

iptables problem

I have the following rules set up to handle bad packets. I extracted this from the output of "service iptables status":

Chain bad_packets (1 references)
target     prot opt source               destination
LOG        all  --             state INVALID LOG flags 0 level 4 prefix `Invalid packet: '
DROP       all  --             state
bad_tcp_packets  tcp  --  
RETURN     all  --  

The rules in /etc/sysconfig/iptables are:

-A bad_packets -m state --state INVALID -j LOG --log-prefix "Invalid packet: "
-A bad_packets -m state --state INVALID -j DROP
-A bad_packets -p tcp -j bad_tcp_packets
-A bad_packets -j RETURN

The thing is, the "Invalid packet" rule catches a few hundred packets a day, and logs them. A number of those packets come from (xmlrpc.rhn.redhat.com), the rhn up2date server. The LogWatch output can look like this:

From - 24 packets
  To - 24 packets
     Service: 33353 (tcp/33353) (Invalid packet:,eth0,none) - 4 packets
     Service: 33935 (tcp/33935) (Invalid packet:,eth0,none) - 10 packets
     Service: 33951 (tcp/33951) (Invalid packet:,eth0,none) - 10 packets

I get LogWatch entries like this every time I run up2date. I am assuming that there is some problem with the iptables rules I have set up, but I don't know what it might be.

Does anyone have any thoughts on this?
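One way to look more closely at what the "Invalid packet:" LOG rule above is catching, as an added example that is not part of the original post or of any Red Hat tooling: the kernel LOG target writes the packet headers to syslog as KEY=VALUE pairs (IN=, OUT=, SRC=, DST=, PROTO=, SPT=, DPT=) followed by bare TCP flag tokens such as ACK or RST. The script below parses such lines and tallies them by source host and destination port, much like the LogWatch summary in the post, and additionally records which TCP flags each source sent. The log lines are constructed samples with documentation addresses; the prefix matches the rule in the post, but the hosts, ports and timestamps are made up.

```python
import re
from collections import Counter, defaultdict

# Constructed sample syslog lines in the kernel LOG target format.
# The "Invalid packet: " prefix matches the rule in the post; the hosts,
# ports and timestamps are invented for this example.
SAMPLE_LOG = """\
Mar  3 10:01:02 host kernel: Invalid packet: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=40 TTL=52 ID=0 DF PROTO=TCP SPT=443 DPT=33353 WINDOW=0 RES=0x00 ACK RST URGP=0
Mar  3 10:01:03 host kernel: Invalid packet: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=40 TTL=52 ID=0 DF PROTO=TCP SPT=443 DPT=33935 WINDOW=0 RES=0x00 ACK RST URGP=0
Mar  3 10:01:04 host kernel: Invalid packet: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=40 TTL=64 ID=1 DF PROTO=TCP SPT=22 DPT=33951 WINDOW=0 RES=0x00 ACK FIN URGP=0
Mar  3 10:01:05 host kernel: Invalid packet: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=40 TTL=52 ID=0 DF PROTO=TCP SPT=443 DPT=33935 WINDOW=0 RES=0x00 ACK RST URGP=0
Mar  3 10:01:06 host kernel: some unrelated kernel message
"""

# Everything after the LOG prefix is the header dump we want to parse.
PREFIX_RE = re.compile(r"Invalid packet: (?P<fields>.*)$")
# KEY=VALUE tokens; VALUE may be empty (e.g. "OUT=" for locally delivered packets).
FIELD_RE = re.compile(r"(?P<key>[A-Z]+)=(?P<value>\S*)")
# Bare tokens the LOG target emits for IP/TCP flags.
FLAG_TOKENS = {"DF", "MF", "SYN", "ACK", "FIN", "RST", "PSH", "URG"}


def parse_line(line):
    """Return a dict of header fields plus a 'FLAGS' set, or None if the
    line is not one of our LOG entries."""
    m = PREFIX_RE.search(line)
    if m is None:
        return None
    fields = {}
    flags = set()
    for token in m.group("fields").split():
        kv = FIELD_RE.fullmatch(token)
        if kv:
            fields[kv.group("key")] = kv.group("value")
        elif token in FLAG_TOKENS:
            flags.add(token)
    fields["FLAGS"] = flags
    return fields


def summarize(log_text):
    """Aggregate logged packets: count per source, count per
    (source, proto, dst port), and the union of TCP flags seen per source."""
    per_source = Counter()
    per_port = Counter()
    flags_by_source = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        src = rec.get("SRC", "?")
        proto = rec.get("PROTO", "?").lower()
        dpt = rec.get("DPT", "?")
        per_source[src] += 1
        per_port[(src, proto, dpt)] += 1
        flags_by_source[src] |= rec["FLAGS"] - {"DF", "MF"}
    return per_source, per_port, dict(flags_by_source)


if __name__ == "__main__":
    per_source, per_port, flags_by_source = summarize(SAMPLE_LOG)
    for src, n in per_source.most_common():
        print(f"From {src} - {n} packets, flags seen: {sorted(flags_by_source[src])}")
        for (s, proto, dpt), c in sorted(per_port.items()):
            if s == src:
                print(f"    Service: {dpt} ({proto}/{dpt}) - {c} packets")
```

Running it against a real /var/log/messages (replace SAMPLE_LOG with the file contents) groups the entries by the remote host rather than only by the ephemeral destination port that LogWatch shows, and the flag column makes it obvious whether a given host is sending anything other than connection-teardown segments.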

