[Nelug] iptables doing unwanted logging
james.barton at blueyonder.co.uk
Tue Aug 12 13:18:01 UTC 2003
I'm probably doing something really dumb here, but if you could point it
out, I'll wear my dunce hat without complaining.
I noticed that syslog has a lot of stuff from iptables in it, and I don't
think it should be there. I've attached my firewall script, it's
definitely running on the gateway, and it clears all existing rules when
Since I was ssh'd into the server, most of the lines I saw in syslog were
connections into the machine from my workplace, looking like this:
Aug 12 13:13:54 gateway kernel: IN=eth0 OUT=
DST=22.214.171.124 LEN=92 TOS=0x00 PREC=0x00 TTL=123 ID=54309 DF PROTO=TCP
SPT=62528 DPT=22 WINDOW=64240 RES=0x00 ACK PSH URGP=0
Now I think they should have been caught by this rule (the variables for
the name and the IP address do have the right values):
$IPTABLES -A INPUT -i $EXTERNAL_IF_1 -p TCP -s $ANYWHERE -d $EXTERNAL_IP_1
--dport 20:24 -j ACCEPT
and hence not logged. What have I missed?
The only logging done explicitly in the script is by the 'worry' chain,
and all packets sent through that chain are dropped. Since I can actually
use an SSH connection, this can't be happening. Is there some implicit
logging that I haven't turned off?
Any help appreciated,
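As an added example, not taken from the poster's script: a small parser for iptables kernel log lines of the shape quoted above, plus a check of whether each logged packet matches the quoted ACCEPT rule (eth0, TCP, ports 20:24). The sample lines are constructed; the SRC= address and the "worry:" log prefix are assumptions. Because LOG is a non-terminating target, a LOG rule that sits earlier in INPUT than the ACCEPT produces unprefixed lines like these while the connection still goes through.

```python
from dataclasses import dataclass

# Constructed sample lines in the format quoted in the post. The SRC= value
# and the "worry:" prefix are assumptions, not values from the poster's logs.
SAMPLE_LOGS = """\
Aug 12 13:13:54 gateway kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=22.214.171.124 LEN=92 TOS=0x00 PREC=0x00 TTL=123 ID=54309 DF PROTO=TCP SPT=62528 DPT=22 WINDOW=64240 RES=0x00 ACK PSH URGP=0
Aug 12 13:14:02 gateway kernel: worry: IN=eth0 OUT= SRC=198.51.100.9 DST=22.214.171.124 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=11 DF PROTO=TCP SPT=40000 DPT=3306 WINDOW=5840 RES=0x00 SYN URGP=0
"""


def parse_iptables_log(line: str) -> dict:
    """Split one kernel log line into its --log-prefix text, KEY=VALUE fields
    and bare flag tokens (DF, SYN, ACK, PSH, ...)."""
    _, _, body = line.partition("kernel: ")
    start = body.find("IN=")
    if start < 0:
        raise ValueError("not an iptables LOG line")
    prefix = body[:start].strip()          # empty when no --log-prefix was set
    fields, flags = {}, []
    for tok in body[start:].split():
        if "=" in tok:
            key, _, val = tok.partition("=")
            fields[key] = val                # OUT= yields an empty string
        else:
            flags.append(tok)
    return {"prefix": prefix, "fields": fields, "flags": flags}


@dataclass(frozen=True)
class Rule:
    in_if: str
    proto: str
    dport_lo: int
    dport_hi: int


# The ACCEPT rule quoted in the post: -i eth0 -p TCP --dport 20:24
SSH_ACCEPT = Rule(in_if="eth0", proto="TCP", dport_lo=20, dport_hi=24)


def matches(rule: Rule, entry: dict) -> bool:
    """True when the logged packet would have hit this rule's match clause."""
    f = entry["fields"]
    return (f.get("IN") == rule.in_if and f.get("PROTO") == rule.proto
            and rule.dport_lo <= int(f.get("DPT", "-1")) <= rule.dport_hi)


def triage(log_text: str, rule: Rule = SSH_ACCEPT) -> list:
    """For each line: (DPT, prefix, matches rule). An unprefixed line that
    matches the ACCEPT rule points at a LOG rule placed above it in the chain."""
    out = []
    for line in log_text.splitlines():
        e = parse_iptables_log(line)
        out.append((int(e["fields"].get("DPT", "-1")), e["prefix"], matches(rule, e)))
    return out
```

To locate the emitting rule on the gateway, list the chain with `iptables -L INPUT -v -n --line-numbers` and look for a LOG target, or a jump into a chain containing one, that appears above the ACCEPT.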