Richard: Heya. I'll update the fwlog.pl processor at echogent.com so that it offers some advice about packets like these. Charles' advice about how to handle them is good, but I don't think it goes far enough. Here's the "reduce my log noise" from the echowall.rules file. Please note that these rules go *at the very end* of the ipchains setup:
# ------------------------------------------------------------------
# -- Step 12: The very last rules allow anything on the LAN not
# -- affected by a DMZ filter to pass, as well as a "Log everything
# -- that's not been allowed in by an above rule and is about to be
# -- denied" sort of rule. But first, block some harmless log-noise
# -- makers that may have made it this far.
#
#LASTRULES#$IPCHAINS -A input -i $IF_EXT -d 255.255.255.255 -j DENY
#LASTRULES#$IPCHAINS -A input -i $IF_EXT -d 0/0 67 -p udp -j DENY
#LASTRULES#$IPCHAINS -A input -i $IF_EXT -d 0/0 68 -p udp -j DENY
#LASTRULES#$IPCHAINS -A input -i $IF_EXT -d 0/0 80 -p tcp -j DENY
#LASTRULES#$IPCHAINS -A input -i $IF_EXT -d 0/0 137 -p tcp -j DENY
#LASTRULES#$IPCHAINS -A input -i $IF_EXT -d 0/0 137 -p udp -j DENY
#LASTRULES#$IPCHAINS -A input -i $IF_EXT -d 0/0 138 -p tcp -j DENY
#LASTRULES#$IPCHAINS -A input -i $IF_EXT -d 0/0 138 -p udp -j DENY
#LASTRULES#$IPCHAINS -A input -i $IF_EXT -d 0/0 520 -p udp -j DENY
#LASTRULES#$IPCHAINS -A input -i $IF_INT -s $NW_INT -j ACCEPT
#LASTRULES#$IPCHAINS -A input -i $IF_EXT -s 0/0 -l -j DENY

Note that the first one there essentially drops anything, without logging, headed for a broadcast address. I've been lobbying for this collection to be incorporated into the standard Dachstein release. Alas, in time, perhaps.

-Scott

> I get a lot of these:
>
> Dec  3 22:55:57 oldbox kernel: Packet log: input REJECT eth1 PROTO=17
> 192.168.77.250:1717 255.255.255.255:162 L=96 S=0x00 I=43029 F=0x0000
> T=31 (#65)
>
> where 192.168.77.250 is the IP address of my wireless hub. I don't think
> I can turn off the behavior in the hub, and I'd rather that the REJECTs
> not fill the logs (I get 6-7 entries per hour).
>
> I'm running the tried and true EigersteinBETA2, and yes, eth1 is the
> internal adapter. What's the best approach to take with this stuff?
> Permit internally? Turn off logging? Make a special rule in
> ipfilter.conf?
>
> I'm open to suggestions.
>
> Richard Minutillo
> [EMAIL PROTECTED]
>
> Oh and BTW, thanks to Paul Rimmer for his suggestion about the port 53
> stuff.

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
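As an added example (not code from the LEAF/Dachstein project, from echowall.rules, or from either poster), the script below parses ipchains "Packet log:" syslog lines like the one Richard quoted and replays each packet against the Step 12 rules above, expressed as data in the same order, to show which rule would match first and whether the denial would be logged. The interface names (eth0 external, eth1 internal) and the LAN range 192.168.77.0/24 are assumptions; the thread only says that eth1 is the internal adapter and that the hub is 192.168.77.250. The second and third log lines are constructed, and the replay assumes no earlier rule in the chain matched.

```python
"""Replay ipchains 'Packet log:' lines against the Step 12 noise rules.

Added example; not the project's own code. IF_EXT, NW_INT and the
constructed log lines are assumptions for illustration.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

IF_EXT = "eth0"                                   # assumed external interface
IF_INT = "eth1"                                   # internal adapter per the post
NW_INT = ipaddress.ip_network("192.168.77.0/24")  # assumed LAN range
BROADCAST = ipaddress.ip_network("255.255.255.255/32")
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

# ipchains log layout: chain target iface PROTO=n src:sport dst:dport L= S= I= F= T=
# For ICMP the two "port" fields are actually type:code.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=\d+ S=0x[0-9A-Fa-f]+ I=\d+ F=0x[0-9A-Fa-f]+ T=(?P<ttl>\d+)"
)


@dataclass(frozen=True)
class Packet:
    chain: str
    target: str
    iface: str
    proto: str
    src: ipaddress.IPv4Address
    sport: int
    dst: ipaddress.IPv4Address
    dport: int


def parse_packet_log(line: str) -> Optional[Packet]:
    """Return a Packet for a syslog line carrying an ipchains log entry, else None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    proto_num = int(m["proto"])
    return Packet(
        chain=m["chain"], target=m["target"], iface=m["iface"],
        proto=PROTO_NAMES.get(proto_num, str(proto_num)),
        src=ipaddress.ip_address(m["src"]), sport=int(m["sport"]),
        dst=ipaddress.ip_address(m["dst"]), dport=int(m["dport"]),
    )


@dataclass(frozen=True)
class Rule:
    """One 'ipchains -A input' rule; None means 'any', like 0/0 in the file."""
    iface: str
    target: str
    proto: Optional[str] = None
    dst: Optional[ipaddress.IPv4Network] = None
    dport: Optional[int] = None
    src: Optional[ipaddress.IPv4Network] = None
    log: bool = False   # the -l flag


# The Step 12 rules from the post, in order. First match wins, as in ipchains.
STEP12_RULES = [
    Rule(IF_EXT, "DENY", dst=BROADCAST),
    Rule(IF_EXT, "DENY", proto="udp", dport=67),
    Rule(IF_EXT, "DENY", proto="udp", dport=68),
    Rule(IF_EXT, "DENY", proto="tcp", dport=80),
    Rule(IF_EXT, "DENY", proto="tcp", dport=137),
    Rule(IF_EXT, "DENY", proto="udp", dport=137),
    Rule(IF_EXT, "DENY", proto="tcp", dport=138),
    Rule(IF_EXT, "DENY", proto="udp", dport=138),
    Rule(IF_EXT, "DENY", proto="udp", dport=520),
    Rule(IF_INT, "ACCEPT", src=NW_INT),
    Rule(IF_EXT, "DENY", log=True),
]


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (
        rule.iface == pkt.iface
        and (rule.proto is None or rule.proto == pkt.proto)
        and (rule.dst is None or pkt.dst in rule.dst)
        and (rule.dport is None or rule.dport == pkt.dport)
        and (rule.src is None or pkt.src in rule.src)
    )


def verdict(pkt: Packet, rules: List[Rule]) -> Tuple[str, Optional[int]]:
    """Return (verdict text, 0-based index of the first matching rule)."""
    for i, rule in enumerate(rules):
        if rule_matches(rule, pkt):
            return (f"{rule.target} (logged)" if rule.log else rule.target, i)
    return ("no match: chain policy applies", None)


SAMPLE_LINES = [
    # Richard's line from the thread.
    "Dec  3 22:55:57 oldbox kernel: Packet log: input REJECT eth1 PROTO=17 "
    "192.168.77.250:1717 255.255.255.255:162 L=96 S=0x00 I=43029 F=0x0000 T=31 (#65)",
    # Constructed: a DHCP broadcast arriving on the assumed external interface.
    "Dec  3 23:01:10 oldbox kernel: Packet log: input DENY eth0 PROTO=17 "
    "10.1.2.3:68 255.255.255.255:67 L=328 S=0x00 I=1 F=0x0000 T=64 (#80)",
    # Constructed: an SSH probe on the external interface, worth keeping in the log.
    "Dec  3 23:02:44 oldbox kernel: Packet log: input DENY eth0 PROTO=6 "
    "203.0.113.9:40012 198.51.100.7:22 L=60 S=0x00 I=5120 F=0x4000 T=52 SYN (#90)",
]


def replay(lines: List[str], rules: List[Rule] = STEP12_RULES) -> List[Tuple[str, Optional[int]]]:
    """Verdicts for every parseable log line, in input order."""
    return [verdict(p, rules) for p in map(parse_packet_log, lines) if p is not None]


if __name__ == "__main__":
    for line, (v, idx) in zip(SAMPLE_LINES, replay(SAMPLE_LINES)):
        print(f"rule {idx}: {v:<14} {line.split('Packet log: ')[1]}")
```

Run it and the hub's SNMP-trap broadcast on eth1 is accepted by the LAN catch-all (the silent broadcast drop in the first rule only applies on the external interface), the DHCP broadcast on eth0 is dropped silently by that first rule, and the port 22 probe falls through to the final logged DENY, which is the split between noise and signal the Step 12 block is meant to produce.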