Don Levey wrote:
--snipped
Interestingly, shortly after I enabled these logs, I'm noticing two
logged block messages. However, they are from addresses I didn't think
I was blocking. The addresses in question are:
218.9.130.252
218.72.107.86
but the only rule I have that's even close is:
-A RH-Lokkit-0-50-INPUT -s 218.148.121.0/8 -j LOG --log-level WARN
--log-prefix IPTABLES-REJECT-09- --log-ip-options --log-tcp-options
-A RH-Lokkit-0-50-INPUT -s 218.148.121.0/8 -j REJECT
You are blocking the entire 218.0.0.0 network.
(I've added numbers to the prefixes for debugging purposes, but so far I
haven't logged another message). I would imagine that these messages
wouldn't be from the rules above, as the addresses don't match. However, the overall blanket blocks at the end aren't logged, and the
outside firewall seems to log other accesses to that server which are
*not* getting logged but are also not on permitted ports (in particular,
135). Any thoughts?
-Don
