NTP, ntpdate, and ISP-based firewall

Alexander Dalloz alexander.dalloz at uni-bielefeld.de
Thu Mar 4 21:17:50 UTC 2004


On Thu, 04.03.2004 at 21:00, Rodolfo J. Paiz wrote:
> At 13:29 3/4/2004, you wrote:
> >If your own firewall is blocking the return packets it should show up
> >in your main system logs, /var/log/messages.
> 
> It would if you REJECT but not if you DROP, right?

No, there is no difference between REJECT and DROP in that issue. To log
REJECTs and DROPs (I dislike DROP much) you have to set up proper
logging rules with iptables. As an example you might log events with
something like:

iptables -A INPUT -i ppp0 -p tcp -m tcp \
    --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG \
    -m limit --limit 10/min \
    -j LOG --log-prefix "NMAP-XMAS SCAN: " --log-level 7 \
    --log-tcp-options --log-ip-options

DROP is just "silent" against the remote initiator and lets it time out,
while REJECT sends back valid rejection information.

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 1 (Yarrow) on Athlon CPU kernel 2.4.22-1.2174.nptl
Sirendipity 22:11:50 up 13 days, 23:45, load average: 0.55, 0.42, 0.32 
                   [ Γνωθι σ'αυτον - gnothi seauton ]
             my life is a planetarium - and you are the stars
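As an added example (not part of the thread), a small Python parser for the kernel log lines that iptables LOG rules such as the one above produce, used here to pick out the blocked NTP replies (UDP, source port 123) the original question was about. The "NTP-DROP:" prefix, the hostname and all sample lines are constructed assumptions, not output from anyone's real system.

```python
import re
from collections import Counter

# KEY=value fields as the netfilter LOG target writes them (IN=, SRC=, PROTO=, SPT=, ...).
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")
# Whatever sits between "kernel: " and the first field is the rule's --log-prefix.
PREFIX_RE = re.compile(r"kernel:\s+(.*?)\s*IN=")

# Constructed sample excerpt in the shape syslog gives netfilter LOG hits; it assumes a
# rule "-p udp --sport 123 -j LOG --log-prefix 'NTP-DROP: '" placed before the DROP rule.
SAMPLE_LOG = """\
Mar  4 21:05:12 sirendipity kernel: NTP-DROP: IN=ppp0 OUT= SRC=192.0.2.10 DST=198.51.100.7 LEN=76 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=123 DPT=123 LEN=56
Mar  4 21:05:13 sirendipity kernel: NTP-DROP: IN=ppp0 OUT= SRC=192.0.2.20 DST=198.51.100.7 LEN=76 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=123 DPT=123 LEN=56
Mar  4 21:06:40 sirendipity kernel: NMAP-XMAS SCAN: IN=ppp0 OUT= SRC=203.0.113.5 DST=198.51.100.7 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=1 PROTO=TCP SPT=4444 DPT=22 WINDOW=1024 RES=0x00 URG PSH FIN URGP=0
Mar  4 21:07:01 sirendipity kernel: NTP-DROP: IN=ppp0 OUT= SRC=192.0.2.10 DST=198.51.100.7 LEN=76 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=123 DPT=123 LEN=56
Mar  4 21:07:30 sirendipity ntpd[1234]: synchronized to 192.0.2.10, stratum 2
"""


def parse_netfilter_line(line):
    """Return (log_prefix, fields) for a netfilter LOG line, or None for any other syslog line."""
    m = PREFIX_RE.search(line)
    if not m:
        return None
    rest = line[m.end() - len("IN="):]          # start at the first KEY=value field
    return m.group(1), dict(FIELD_RE.findall(rest))


def blocked_ntp_replies(log_text):
    """Count logged packets that look like NTP server replies (UDP from source port 123), per peer.

    A DROP alone would never show these; only the LOG rule in front of it makes them visible.
    """
    peers = Counter()
    for line in log_text.splitlines():
        parsed = parse_netfilter_line(line)
        if parsed is None:
            continue
        _prefix, fields = parsed
        if fields.get("PROTO") == "UDP" and fields.get("SPT") == "123":
            peers[fields["SRC"]] += 1
    return peers


if __name__ == "__main__":
    for peer, hits in blocked_ntp_replies(SAMPLE_LOG).items():
        print(f"{hits} NTP reply packet(s) from {peer} were logged by the firewall")
```
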