Fandelem
12-05-2000, 01:09 AM
mutter..
Dec 5 00:58:37 server kernel: Packet log: input DENY ppp0 PROTO=6 24.5.54.119:1332 209.212.133.78:11019 L=48 S=0x00 I=5602 F=0x4000 T=109 SYN (#61)
Dec 5 00:58:41 server kernel: Packet log: input DENY ppp0 PROTO=6 24.5.54.119:1332 209.212.133.78:11019 L=48 S=0x00 I=5603 F=0x4000 T=109 SYN (#61)
Dec 5 00:58:46 server kernel: Packet log: input DENY ppp0 PROTO=6 24.5.54.119:1332 209.212.133.78:11019 L=48 S=0x00 I=5605 F=0x4000 T=109 SYN (#61)
Dec 5 01:05:49 server kernel: Packet log: input DENY ppp0 PROTO=1 24.5.54.119:3 209.212.133.78:3 L=56 S=0x00 I=7441 F=0x0000 T=109 (#61)
this last entry - if I'm denying type/code 3, wouldn't that _seriously_ screw my network up? (I've read a bunch and I'm pretty sure I'm right about that) Why is it blocking it then? [read on..]
this happens every now and then.. but the thing that boggles me is the last one.. notice the ports it's trying.. an ICMP packet to type/code 3.. but in my IPCHAINS rules I have:
$IPCHAINS -A input -p icmp -s $REMOTENET 0 -i $OUTERIF -j ACCEPT
$IPCHAINS -A input -p icmp -s $REMOTENET 8 -i $OUTERIF -j ACCEPT
$IPCHAINS -A input -p icmp -s $REMOTENET 11 -i $OUTERIF -j ACCEPT
$IPCHAINS -A input -b -i $OUTERIF -p icmp -s $OUTERNET ! 3 -d $REMOTENET -j DENY -l
I'm glad to see things being blocked in my logfiles, but it is disturbing to me that if I specify to deny anything but type/code 3 - why would this show up in my logfile in the first place?
regards,
~kyle
[This message has been edited by Fandelem (edited 05 December 2000).]
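An added example, not part of the original post: a small Python parser for the ipchains log lines quoted above. It assumes the documented ipchains log layout, in which the two "port" positions hold the ICMP type and code when PROTO=1 and the trailing (#N) is the number of the rule that logged the packet; the function and table names are this example's own.

```python
import re

# Field layout of an ipchains (Linux 2.2) "Packet log" line, as quoted in the post.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<verdict>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<a>\d+) (?P<dst>[\d.]+):(?P<b>\d+) "
    r"L=(?P<length>\d+) S=0x[0-9A-Fa-f]+ I=(?P<ip_id>\d+) F=0x[0-9A-Fa-f]+ "
    r"T=(?P<ttl>\d+)(?P<syn> SYN)? \(#(?P<rule>\d+)\)"
)
PROTOS = {1: "icmp", 6: "tcp", 17: "udp"}
ICMP_TYPES = {0: "echo-reply", 3: "destination-unreachable",
              8: "echo-request", 11: "time-exceeded"}
UNREACH_CODES = {0: "network-unreachable", 1: "host-unreachable",
                 2: "protocol-unreachable", 3: "port-unreachable",
                 4: "fragmentation-needed"}

def parse(line):
    """Decode one log line; returns None if it is not an ipchains packet log."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    proto = int(m["proto"])
    rec = {"chain": m["chain"], "verdict": m["verdict"], "iface": m["iface"],
           "proto": PROTOS.get(proto, str(proto)), "src": m["src"], "dst": m["dst"],
           "ttl": int(m["ttl"]), "rule": int(m["rule"])}
    a, b = int(m["a"]), int(m["b"])
    if proto == 1:
        # Assumption from the ipchains log layout: for ICMP the two "port"
        # slots carry the ICMP type (source side) and code (destination side).
        rec["icmp_type"], rec["icmp_code"] = a, b
        name = ICMP_TYPES.get(a, "type-%d" % a)
        if a == 3:
            name += "/" + UNREACH_CODES.get(b, "code-%d" % b)
        rec["meaning"] = name
    else:
        rec["sport"], rec["dport"], rec["syn"] = a, b, m["syn"] is not None
    return rec

# Two of the entries from the post (first TCP line and the ICMP line), wrap undone.
SAMPLE = [
    "Dec 5 00:58:37 server kernel: Packet log: input DENY ppp0 PROTO=6 "
    "24.5.54.119:1332 209.212.133.78:11019 L=48 S=0x00 I=5602 F=0x4000 T=109 SYN (#61)",
    "Dec 5 01:05:49 server kernel: Packet log: input DENY ppp0 PROTO=1 "
    "24.5.54.119:3 209.212.133.78:3 L=56 S=0x00 I=7441 F=0x0000 T=109 (#61)",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse(line))
```

Comparing the `rule` field across entries shows which rule in the input chain produced each log line, which is the first thing to check before reading the rule text itself.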