On Tue, 2004-03-09 at 22:23, Don Levey wrote: > Interestingly, shortly after I enabled these logs, I'm noticing two > logged block messages. However, they are from addresses I didn't think > I was blocking. The addresses in question are: > 218.9.130.252 > 218.72.107.86 > but the only rule I have that's even close is: > -A RH-Lokkit-0-50-INPUT -s 218.148.121.0/8 -j LOG --log-level WARN > --log-prefix IPTABLES-REJECT-09- --log-ip-options --log-tcp-options > -A RH-Lokkit-0-50-INPUT -s 218.148.121.0/8 -j REJECT > > (I've added numbers to the prefixes for debugging purposes, but so far I > haven't logged another message). I would imagine that these messages > wouldn't be from the rules above, as the addresses don't match. > However, the overall blanket blocks at the end aren't logged, and the > outside firewall seems to log other accesses to that server which are > *not* getting logged but are also not on permitted ports (in particular, > 135). Any thoughts? > -Don > > Silly me, I misinterpreted the rule I wrote regarding the 218.x.x.x/8. *never mind*... -Don
