Re: IPTABLES logging (was: NTP, ntpdate and ISP-based firewall)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




Don Levey wrote:

--snipped



Interestingly, shortly after I enabled these logs, I'm noticing two
logged block messages. However, they are from addresses I didn't think
I was blocking. The addresses in question are:
218.9.130.252
218.72.107.86
but the only rule I have that's even close is:
-A RH-Lokkit-0-50-INPUT -s 218.148.121.0/8 -j LOG --log-level WARN
--log-prefix IPTABLES-REJECT-09- --log-ip-options --log-tcp-options
-A RH-Lokkit-0-50-INPUT -s 218.148.121.0/8 -j REJECT


You are blocking the entire 218.0.0.0 network.

(I've added numbers to the prefixes for debugging purposes, but so far I
haven't logged another message). I would imagine that these messages
wouldn't be from the rules above, as the addresses don't match. However, the overall blanket blocks at the end aren't logged, and the
outside firewall seems to log other accesses to that server which are
*not* getting logged but are also not on permitted ports (in particular,
135). Any thoughts?
-Don










[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux