IPTABLES logging (was: NTP, ntpdate and ISP-based firewall)
Jeff Vian
jvian10 at charter.net
Wed Mar 10 13:27:09 UTC 2004
Don Levey wrote:
>--snipped
>
>Interestingly, shortly after I enabled these logs, I'm noticing two
>logged block messages. However, they are from addresses I didn't think
>I was blocking. The addresses in question are:
> 218.9.130.252
> 218.72.107.86
>but the only rule I have that's even close is:
>-A RH-Lokkit-0-50-INPUT -s 218.148.121.0/8 -j LOG --log-level WARN
>--log-prefix IPTABLES-REJECT-09- --log-ip-options --log-tcp-options
>-A RH-Lokkit-0-50-INPUT -s 218.148.121.0/8 -j REJECT
>
>
You are blocking the entire 218.0.0.0 network.
>(I've added numbers to the prefixes for debugging purposes, but so far I
>haven't logged another message). I would imagine that these messages
>wouldn't be from the rules above, as the addresses don't match.
>However, the overall blanket blocks at the end aren't logged, and the
>outside firewall seems to log other accesses to that server which are
>*not* getting logged but are also not on permitted ports (in particular,
>135). Any thoughts?
> -Don
>
>
>
>
>
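The point of the reply above, as an added example that is not part of the original thread: iptables applies the mask to the `-s` address before comparing, so `218.148.121.0/8` is matched as `218.0.0.0/8`, and both logged addresses fall inside it. The sketch reads the quoted rules, reports the effective network and flags rules whose written address has bits the mask discards. `narrowest_written` is a hypothetical helper that only hints at the shortest prefix preserving every written bit; the intended range is not stated in the message.

```python
import ipaddress
import re

# Rules as quoted in the message (the wrapped LOG rule joined onto one line).
RULES = [
    "-A RH-Lokkit-0-50-INPUT -s 218.148.121.0/8 -j LOG --log-level WARN "
    "--log-prefix IPTABLES-REJECT-09- --log-ip-options --log-tcp-options",
    "-A RH-Lokkit-0-50-INPUT -s 218.148.121.0/8 -j REJECT",
]
# The two source addresses that showed up in the log.
LOGGED = ["218.9.130.252", "218.72.107.86"]

SRC_RE = re.compile(r"(?:^|\s)(?:-s|--source)\s+(\S+)")

def effective_source(rule):
    """Return (written, effective network, host_bits_set) for the rule's -s match."""
    m = SRC_RE.search(rule)
    if not m:
        return None
    try:
        iface = ipaddress.ip_interface(m.group(1))
    except ValueError:          # hostname or malformed value: nothing to check
        return None
    # The mask is applied first, so only the network part is ever compared.
    return m.group(1), iface.network, iface.ip != iface.network.network_address

def narrowest_written(address):
    """Hypothetical hint: shortest prefix that keeps every bit set in the address."""
    v = int(address)
    trailing_zeros = (v & -v).bit_length() - 1 if v else address.max_prefixlen
    return ipaddress.ip_network((address, address.max_prefixlen - trailing_zeros))

def audit(rules, addresses):
    findings = []
    for rule in rules:
        src = effective_source(rule)
        if src is None:
            continue
        written, net, host_bits = src
        findings.append({
            "written": written,
            "effective": str(net),
            "host_bits_set": host_bits,   # True means the mask discards written bits
            "matched": [a for a in addresses if ipaddress.ip_address(a) in net],
            "hint": str(narrowest_written(ipaddress.ip_interface(written).ip)),
        })
    return findings

if __name__ == "__main__":
    for finding in audit(RULES, LOGGED):
        print(finding)
```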