On Fri, Aug 13, 2004 at 08:13:21AM -0700, Wanda Round wrote:

> Aug 12 04:36:53 towern kernel: |iptables -- IN=ppp0 OUT= MAC= SRC=201.129.122.85 DST=12.65.24.43 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=40023 DF PROTO=TCP SPT=4346 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
>
> What are these lines telling me? Where can I find a simpler explanation of iptables logs?
They are TCP/IP header fields, and if you don't already know what they mean, they probably aren't useful to you; but a reference on TCP/IP would be enlightening.

If you're trying to figure out why they were printed in the first place, it's because your iptables configuration ("iptables --list") decided they were worth logging, probably because the packets were dropped. You should try to figure out which rule matched the packet. You can do this by either tracing the rules "by hand", or adding a --log-prefix to the logging rules. If the rules are created by a firewall tool, the latter might be hard (I wish firewall tools would always add a string to the log, so the user can see which policy is violated); perhaps you could iptables-save, add the --log-prefix options, iptables-restore.

But it's probably not worth spending too much time tracking this down. Bad packets, not even malicious ones, are part of the background noise of the internet.

Andrew
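To make the header fields and the --log-prefix advice concrete, here is an added example (not part of the list thread) that splits kernel LOG lines into their key=value fields and valueless flags (DF, SYN), pulls out whatever --log-prefix string precedes "IN=", and counts hits per prefix, protocol and destination port. The first sample line is the one quoted above; the other two lines and the prefix "FW-DROP" are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample input: line 1 is the quoted log line, lines 2-3 are
# made up and assume a rule logged with --log-prefix "FW-DROP ".
SAMPLE_LOG = """\
Aug 12 04:36:53 towern kernel: |iptables -- IN=ppp0 OUT= MAC= SRC=201.129.122.85 DST=12.65.24.43 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=40023 DF PROTO=TCP SPT=4346 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
Aug 12 04:37:10 towern kernel: FW-DROP IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=12.65.24.43 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=1234 DF PROTO=TCP SPT=3001 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
Aug 12 04:38:02 towern kernel: FW-DROP IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=12.65.24.43 LEN=60 TOS=0x00 PREC=0x00 TTL=110 ID=1235 PROTO=UDP SPT=1026 DPT=137 LEN=40
"""

# Everything between "kernel:" (plus an optional [uptime] stamp on newer
# kernels) and the first "IN=" is the --log-prefix string, if any.
KERNEL_RE = re.compile(
    r"kernel:\s*(?:\[\s*\d+\.\d+\]\s*)?(?P<prefix>.*?)\s*(?=IN=)(?P<body>.*)$"
)


def parse_line(line):
    """Return {'prefix', 'fields', 'flags'} for an iptables LOG line, else None."""
    m = KERNEL_RE.search(line)
    if not m:
        return None
    fields, flags = {}, []
    for tok in m.group("body").split():
        if "=" in tok:
            key, _, value = tok.partition("=")
            # UDP lines repeat LEN (IP length, then UDP length); keep the first.
            fields.setdefault(key, value)
        else:
            flags.append(tok)  # bare tokens such as DF, SYN, ACK carry no value
    return {"prefix": m.group("prefix"), "fields": fields, "flags": flags}


def summarize(log_text):
    """Count logged packets by (log prefix, protocol, destination port)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        f = rec["fields"]
        counts[(rec["prefix"], f.get("PROTO", "?"), f.get("DPT", "-"))] += 1
    return counts


if __name__ == "__main__":
    for (prefix, proto, dport), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:4d}  prefix={prefix!r:16} {proto}/{dport}")
```

Run against /var/log/messages (or wherever your syslog sends kernel messages) the per-prefix counts show which logging rule fires most, which is the question Andrew suggests answering before digging further.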