[Nelug] iptables doing unwanted logging

James Barton james.barton at blueyonder.co.uk
Tue Aug 12 13:18:01 UTC 2003


Hi all,
I'm probably doing something really dumb here, but if you could point it
out, I'll wear my dunce hat without complaining.

I noticed that syslog has a lot of stuff from iptables in it, and I don't
think it should be there. I've attached my firewall script, it's
definitely running on the gateway, and it clears all existing rules when
it starts.

Since I was ssh'd into the server, most of the lines I saw in syslog were
connections into the machine from my workplace, looking like this:

Aug 12 13:13:54 gateway kernel: IN=eth0 OUT=
MAC=00:20:18:3b:71:b8:00:30:80:93:6b:70:08:00 SRC=82.39.56.37
DST=82.39.16.238 LEN=92 TOS=0x00 PREC=0x00 TTL=123 ID=54309 DF PROTO=TCP
SPT=62528 DPT=22 WINDOW=64240 RES=0x00 ACK PSH URGP=0

Now I think they should have been caught by this rule (the variables for
the name and the IP address do have the right values):

$IPTABLES -A INPUT -i $EXTERNAL_IF_1 -p TCP -s $ANYWHERE -d $EXTERNAL_IP_1
--dport 20:24 -j ACCEPT

and hence not logged. What have I missed?

The only logging done explicitly in the script is by the 'worry' chain,
and all packets sent through that chain are dropped. Since I can actually
use an SSH connection, this can't be happening. Is there some implicit
logging that I haven't turned off?

Any help appreciated,
James
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: firewall
Url: http://mailman.lug.org.uk/pipermail/durham/attachments/20030812/872332d3/attachment.txt 
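The kernel LOG line quoted above can be checked against the ACCEPT rule's match criteria mechanically rather than by eye. What follows is an added example for this thread, not code from the post or from its attached firewall script: a small Python parser for iptables LOG output plus a function that emulates the match side of a rule (-i, -p, -s, -d, --dport). The first sample line is the one quoted in the post, rejoined onto one line; the second sample line, the "worry:" log prefix it carries, the RULE spec (the post's variables filled in with the values visible in the log line) and all function names are this example's own assumptions.

```python
"""Parse Linux kernel iptables LOG lines and test them against a rule's matches.

Added example for this thread; it is not the poster's firewall script.
"""
import ipaddress

# The first line is the log line quoted in the post, rejoined onto one line.
# The second is constructed for this example (a UDP probe from a made-up host,
# with an assumed --log-prefix of "worry:").
SAMPLE_LOG = [
    "Aug 12 13:13:54 gateway kernel: IN=eth0 OUT= "
    "MAC=00:20:18:3b:71:b8:00:30:80:93:6b:70:08:00 SRC=82.39.56.37 "
    "DST=82.39.16.238 LEN=92 TOS=0x00 PREC=0x00 TTL=123 ID=54309 DF PROTO=TCP "
    "SPT=62528 DPT=22 WINDOW=64240 RES=0x00 ACK PSH URGP=0",
    "Aug 12 13:14:02 gateway kernel: worry: IN=eth0 OUT= "
    "MAC=00:20:18:3b:71:b8:00:30:80:aa:bb:cc:08:00 SRC=203.0.113.9 "
    "DST=82.39.16.238 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=1 PROTO=UDP "
    "SPT=4444 DPT=161 LEN=32",
]

# Assumed rule spec mirroring the post's ACCEPT rule with its variables filled in:
#   -A INPUT -i eth0 -p TCP -s 0/0 -d 82.39.16.238 --dport 20:24 -j ACCEPT
RULE = {"in_if": "eth0", "proto": "TCP", "src": "0.0.0.0/0",
        "dst": "82.39.16.238", "dport": (20, 24)}


def parse_log_line(line):
    """Split a kernel LOG line into (prefix, fields, flags).

    prefix: text between 'kernel: ' and 'IN=' (the rule's --log-prefix, if any)
    fields: KEY=VALUE tokens; 'OUT=' yields an empty string
    flags:  bare tokens such as DF, SYN, ACK, PSH
    """
    head, sep, rest = line.partition("kernel: ")
    if not sep or "IN=" not in rest:
        raise ValueError("not an iptables LOG line: %r" % line)
    idx = rest.index("IN=")
    prefix = rest[:idx].strip()
    fields, flags = {}, set()
    for tok in rest[idx:].split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            # UDP lines carry a second LEN= (UDP length); keep the IP-header one.
            fields.setdefault(key, value)
        else:
            flags.add(tok)
    return prefix, fields, flags


def rule_matches(fields, in_if=None, proto=None, src=None, dst=None, dport=None):
    """Emulate the match side of an iptables rule (-i, -p, -s, -d, --dport).

    src/dst take an address or CIDR; dport an int or an inclusive (lo, hi) range.
    None means the rule does not test that attribute.
    """
    if in_if is not None and fields.get("IN") != in_if:
        return False
    if proto is not None and fields.get("PROTO", "").upper() != proto.upper():
        return False
    for key, net in (("SRC", src), ("DST", dst)):
        if net is None:
            continue
        if key not in fields or ipaddress.ip_address(fields[key]) not in \
                ipaddress.ip_network(net, strict=False):
            return False
    if dport is not None:
        if "DPT" not in fields:          # ICMP etc. carry no ports; --dport cannot match
            return False
        lo, hi = (dport, dport) if isinstance(dport, int) else dport
        if not lo <= int(fields["DPT"]) <= hi:
            return False
    return True


def triage(lines, rule):
    """For each LOG line, report its log prefix, the flow and the TCP flags,
    and whether the given rule's matches would have applied to it."""
    out = []
    for line in lines:
        prefix, f, flags = parse_log_line(line)
        out.append({
            "prefix": prefix,
            "flow": "%s %s:%s -> %s:%s" % (f.get("PROTO"), f.get("SRC"),
                                           f.get("SPT", "-"), f.get("DST"),
                                           f.get("DPT", "-")),
            "tcp_flags": sorted(flags & {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}),
            "rule_matches": rule_matches(f, **rule),
        })
    return out


if __name__ == "__main__":
    for r in triage(SAMPLE_LOG, RULE):
        print(r)
```

Reading the result: for the quoted line the rule's matches all hold (eth0, TCP, destination 82.39.16.238, port 22 within 20:24), so the ACCEPT rule itself is not at fault. iptables tests a packet against the rules of a chain in order, LOG is non-terminating and ACCEPT ends traversal of that chain, so a packet that matches this ACCEPT rule can only be logged by a LOG target it reaches first: an earlier rule in INPUT, a user chain jumped to earlier, or another table the packet traverses (raw, mangle). `iptables -L INPUT -v -n --line-numbers` shows rule order with hit counters, and `iptables-save | grep -- '-j LOG'` lists every LOG target in every table; the `--log-prefix` of each LOG rule, captured here as `prefix`, is what tells the entries apart in syslog, so giving every LOG rule a distinct prefix is worth doing regardless of the cause.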