[lug] firewall logs

Warren Sanders sanders at MontanaLinux.Org
Tue Jan 16 09:12:42 MST 2001


Over the past couple weeks I have set up my firewall to more than just
masquerade.  I have @home and blocked their scans of <1024.  Since then I
have been getting too many kernel: Packet logs.  Here is an example:

Jan 16 08:48:52 Sandman kernel: Packet log: input DENY lo PROTO=17 24.11.6.X.X:138 24.11.X.X:138 L=249 S=0x00 I=32305 F=0x0000 T=64 (#2)

This is my ipchain listing:

[root@Sandman /root]# ipchains -L
Chain input (policy ACCEPT):
target     prot opt     source                destination           ports
DENY       tcp  ----l-  24.0.0.0/8           C317121-A.localdomain  any ->   0:1024
DENY       udp  ----l-  24.0.0.0/8           C317121-A.localdomain  any ->   0:1024
DENY       icmp ----l-  24.0.0.0/8           C317121-A.localdomain  any ->   0:1024
ACCEPT     tcp  ------  femail7.sdc1.sfba.home.com 10.0.0.0/24      any ->   1023:65535
ACCEPT     tcp  ------  femail8.sdc1.sfba.home.com 10.0.0.0/24      any ->   1023:65535
ACCEPT     tcp  ------  femail9.sdc1.sfba.home.com 10.0.0.0/24      any ->   1023:65535
ACCEPT     tcp  ------  femail10.sdc1.sfba.home.com 10.0.0.0/24     any ->   1023:65535
ACCEPT     tcp  ------  femail1.sdc1.sfba.home.com 10.0.0.0/24      any ->   1023:65535
ACCEPT     tcp  ------  femail2.sdc1.sfba.home.com 10.0.0.0/24      any ->   1023:65535
ACCEPT     tcp  ------  femail3.sdc1.sfba.home.com 10.0.0.0/24      any ->   1023:65535
ACCEPT     tcp  ------  femail4.sdc1.sfba.home.com 10.0.0.0/24      any ->   1023:65535
ACCEPT     tcp  ------  femail5.sdc1.sfba.home.com 10.0.0.0/24      any ->   1023:65535
ACCEPT     tcp  ------  femail6.sdc1.sfba.home.com 10.0.0.0/24      any ->   1023:65535
ACCEPT     tcp  ------  home-www.excite.com  10.0.0.0/24           any ->   1023:65355
ACCEPT     tcp  ------  proxy1.bllngs1.mt.home.com 10.0.0.0/24      any ->   1023:65535
ACCEPT     tcp  ------  proxy2.bllngs1.mt.home.com 10.0.0.0/24      any ->   1023:65535
ACCEPT     tcp  ------  news1.sttls1.wa.home.com 10.0.0.0/24        any ->   1023:65535
ACCEPT     tcp  ------  home-www.excite.com  10.0.0.0/24           any ->   1023:65535
ACCEPT     tcp  ------  ns1.home.net         10.0.0.0/24           any ->   1023:65535
ACCEPT     tcp  ------  ns2.home.net         10.0.0.0/24           any ->   1023:65535
ACCEPT     udp  ------  ns1.home.net         10.0.0.0/24           any ->   1023:65535
ACCEPT     udp  ------  ns2.home.net         10.0.0.0/24           any ->   1023:65535
Chain forward (policy DENY):
target     prot opt     source                destination           ports
MASQ       all  ------  10.0.0.0/24          anywhere              n/a
Chain output (policy ACCEPT):

My concern is... Am I blocking my own packets somehow?  FYI, I do have a
domain here but the NS is being hosted elsewhere.

-- 
Warren Sanders
http://MontanaLinux.Org
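
Added example, not part of the original post: a small parser for the ipchains "Packet log" entries quoted above that counts them per chain, rule number, interface, protocol and destination port, so the rule producing most of the log volume and the interface it fires on (for instance lo, i.e. traffic the host sent to itself) stand out. The sample lines are constructed with documentation addresses and a hypothetical host name "fw"; the function names are this example's own.

```python
import re
from collections import Counter

# Layout of an ipchains "-l" log entry (field meanings per the ipchains docs):
#   Packet log: <chain> <target> <iface> PROTO=<n> <src>:<sport> <dst>:<dport>
#   L=<ip length> S=<tos> I=<ip id> F=<frag/flags> T=<ttl> [SYN] (#<rule no.>)
# For ICMP the two "port" positions carry type and code instead.
LOG_RE = re.compile(
    r"kernel: Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>\S+):(?P<sport>\d+) "
    r"(?P<dst>\S+):(?P<dport>\d+) .*\(#(?P<rule>\d+)\)"
)
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

def parse_line(line):
    """Return the fields of one ipchains log entry, or None for other lines."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "rule"):
        rec[key] = int(rec[key])
    rec["proto"] = PROTO_NAMES.get(rec["proto"], str(rec["proto"]))
    return rec

def summarize(lines):
    """Count entries per (chain, rule number, interface, protocol, dest port)."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec:
            counts[(rec["chain"], rec["rule"], rec["iface"],
                    rec["proto"], rec["dport"])] += 1
    return counts

# Constructed sample input (not taken from the poster's logs).
SAMPLE = [
    "Jan 16 08:48:52 fw kernel: Packet log: input DENY lo PROTO=17 192.0.2.10:138 192.0.2.255:138 L=249 S=0x00 I=32305 F=0x0000 T=64 (#2)",
    "Jan 16 08:49:04 fw kernel: Packet log: input DENY lo PROTO=17 192.0.2.10:138 192.0.2.255:138 L=249 S=0x00 I=32306 F=0x0000 T=64 (#2)",
    "Jan 16 08:50:11 fw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.7:4021 192.0.2.10:111 L=60 S=0x00 I=1201 F=0x4000 T=52 SYN (#1)",
    "Jan 16 08:50:12 fw sshd[411]: unrelated line",
]

if __name__ == "__main__":
    # Noisiest (chain, rule, iface, proto, dport) combinations first.
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```

The rule number in parentheses is the rule's position within the named chain, so it can be matched against the order shown by ipchains -L.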




