Richard:

        Heya. I'll update the fwlog.pl processor at echogent.com
so that it offers some advice about packets like these.
        Charles' advice about how to handle them is good, but
I don't think it goes far enough. Here's the "reduce my log
noise" block from the echowall.rules file. Please note that these
rules go *at the very end* of the ipchains setup:

# ------------------------------------------------------------------
# --  Step 12: The very last rules allow anything on the LAN not
# --  affected by a DMZ filter to pass, as well as a "Log everything
# --  that's not been allowed in by an above rule and is about to be
# --  denied" sort of rule. But first, block some harmless log-noise
# --  makers that may have made it this far.
#
#LASTRULES#$IPCHAINS -A input -i $IF_EXT -d 255.255.255.255 -j DENY
#LASTRULES#$IPCHAINS -A input -i $IF_EXT -d 0/0 67 -p udp -j DENY
#LASTRULES#$IPCHAINS -A input -i $IF_EXT -d 0/0 68 -p udp -j DENY
#LASTRULES#$IPCHAINS -A input -i $IF_EXT -d 0/0 80 -p tcp -j DENY
#LASTRULES#$IPCHAINS -A input -i $IF_EXT -d 0/0 137 -p tcp -j DENY
#LASTRULES#$IPCHAINS -A input -i $IF_EXT -d 0/0 137 -p udp -j DENY
#LASTRULES#$IPCHAINS -A input -i $IF_EXT -d 0/0 138 -p tcp -j DENY
#LASTRULES#$IPCHAINS -A input -i $IF_EXT -d 0/0 138 -p udp -j DENY
#LASTRULES#$IPCHAINS -A input -i $IF_EXT -d 0/0 520 -p udp -j DENY
#LASTRULES#$IPCHAINS -A input -i $IF_INT -s $NW_INT -j ACCEPT
#LASTRULES#$IPCHAINS -A input -i $IF_EXT -s 0/0 -l -j DENY

        Note that the first one there essentially drops anything,
without logging, headed for a broadcast address.
        I've been lobbying for this collection to be incorporated
into the standard Dachstein release. Alas, in time, perhaps.

-Scott

> I get a lot of these:
>
> Dec  3 22:55:57 oldbox kernel: Packet log: input REJECT eth1 PROTO=17
> 192.168.77.250:1717 255.255.255.255:162 L=96 S=0x00 I=43029 F=0x0000
> T=31 (#65)
>
> where 192.168.77.250 is the IP address of my wireless hub. I don't think
> I can turn off the behavior in the hub, and I'd rather that the REJECTS
> not fill the logs (I get 6-7 entries per hour).
>
> I'm running the tried and true EigersteinBETA2, and yes, eth1 is the
> internal adapter. What's the best approach to take with this stuff?
> Permit internally? Turn off logging? Make a special rule in
> ipfilter.conf?
>
> I'm open to suggestions.
>
> Richard Minutillo
> [EMAIL PROTECTED]
>
> Oh and BTW, thanks to Paul Rimmer for his suggestion about the port 53
> stuff.

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
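The following is an added example for this thread, not code from the LEAF/Dachstein project, from echowall.rules or from Scott's fwlog.pl. It parses kernel "Packet log:" lines of the shape Richard quoted and walks the eleven LASTRULES lines above with ipchains' first-match semantics, so you can see which line would have caught a given packet and whether the -l flag would have logged it. The interface names (eth0 external, eth1 internal, matching Richard's note) and the LAN prefix 192.168.77.0/24 are assumptions standing in for $IF_EXT, $IF_INT and $NW_INT; the second and third sample lines are constructed.

```python
"""Replay ipchains 'Packet log:' lines against the posted LASTRULES block.

Added example for this thread; not code from the LEAF/Dachstein project,
from echowall.rules or from fwlog.pl.  IF_EXT, IF_INT and NW_INT are
assumptions standing in for $IF_EXT, $IF_INT and $NW_INT.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

IF_EXT = "eth0"                                   # assumption: $IF_EXT
IF_INT = "eth1"                                   # assumption: $IF_INT (eth1 per the quoted mail)
NW_INT = ipaddress.ip_network("192.168.77.0/24")  # assumption: $NW_INT

# Shape of an ipchains kernel log line, e.g.
#   Packet log: input REJECT eth1 PROTO=17 192.168.77.250:1717
#     255.255.255.255:162 L=96 S=0x00 I=43029 F=0x0000 T=31 (#65)
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\w+) (?P<target>\w+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+) (?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)"
    r" .*\(#(?P<rule>\d+)\)"
)


@dataclass(frozen=True)
class Packet:
    iface: str
    proto: int      # 6 = tcp, 17 = udp
    src: str
    sport: int
    dst: str
    dport: int
    rule: int       # rule number the kernel reported in "(#n)"


def parse_log_line(line: str) -> Optional[Packet]:
    """Pull the fields we need out of one syslog line; None if it is not a Packet log."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return Packet(m["iface"], int(m["proto"]), m["src"], int(m["sport"]),
                  m["dst"], int(m["dport"]), int(m["rule"]))


@dataclass(frozen=True)
class Rule:
    """One '$IPCHAINS -A input ...' line; a None field means 'any' (like 0/0)."""
    iface: str
    target: str
    log: bool = False                # the -l flag
    proto: Optional[int] = None
    dst: Optional[str] = None
    dport: Optional[int] = None
    src_net: Optional[ipaddress.IPv4Network] = None

    def matches(self, p: Packet) -> bool:
        if p.iface != self.iface:
            return False
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.dst is not None and p.dst != self.dst:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.src_net is not None and ipaddress.ip_address(p.src) not in self.src_net:
            return False
        return True


# The eleven LASTRULES lines, in the order they are appended to the input chain.
TCP, UDP = 6, 17
LASTRULES: List[Rule] = [
    Rule(IF_EXT, "DENY", dst="255.255.255.255"),   # broadcast, dropped silently
    Rule(IF_EXT, "DENY", proto=UDP, dport=67),     # DHCP server port
    Rule(IF_EXT, "DENY", proto=UDP, dport=68),     # DHCP client port
    Rule(IF_EXT, "DENY", proto=TCP, dport=80),
    Rule(IF_EXT, "DENY", proto=TCP, dport=137),    # NetBIOS name service
    Rule(IF_EXT, "DENY", proto=UDP, dport=137),
    Rule(IF_EXT, "DENY", proto=TCP, dport=138),    # NetBIOS datagram service
    Rule(IF_EXT, "DENY", proto=UDP, dport=138),
    Rule(IF_EXT, "DENY", proto=UDP, dport=520),    # RIP
    Rule(IF_INT, "ACCEPT", src_net=NW_INT),        # the rest of the LAN
    Rule(IF_EXT, "DENY", log=True),                # log everything else, then deny
]


def decide(p: Packet) -> Optional[Tuple[int, str, bool]]:
    """First match wins, as in an ipchains chain walk.

    Returns (1-based rule position, target, logged?) or None when no LASTRULES
    line matches and the packet would fall through to the chain policy.
    """
    for i, r in enumerate(LASTRULES, start=1):
        if r.matches(p):
            return i, r.target, r.log
    return None


if __name__ == "__main__":
    # The first line is Richard's (from the thread); the other two are constructed.
    SAMPLE = [
        "Dec  3 22:55:57 oldbox kernel: Packet log: input REJECT eth1 PROTO=17 "
        "192.168.77.250:1717 255.255.255.255:162 L=96 S=0x00 I=43029 F=0x0000 T=31 (#65)",
        "Dec  3 23:01:10 oldbox kernel: Packet log: input DENY eth0 PROTO=17 "
        "10.0.0.9:68 255.255.255.255:67 L=328 S=0x00 I=1 F=0x0000 T=64 (#65)",
        "Dec  3 23:02:44 oldbox kernel: Packet log: input DENY eth0 PROTO=6 "
        "203.0.113.5:4444 198.51.100.2:22 L=60 S=0x00 I=777 F=0x4000 T=48 (#65)",
    ]
    for line in SAMPLE:
        pkt = parse_log_line(line)
        if pkt:
            print(f"{pkt.src} -> {pkt.dst}:{pkt.dport} on {pkt.iface} => {decide(pkt)}")
```

Running it shows that Richard's SNMP trap to 255.255.255.255 arrives on the internal interface, so under these assumptions it is the "$IF_INT -s $NW_INT -j ACCEPT" line, not the broadcast DENY (which is bound to $IF_EXT), that keeps it out of the log; the same packet seen on eth0 is caught by the first rule, and a DHCP broadcast on eth0 is also taken by the broadcast rule before the port 67/68 rules ever see it. Only traffic that reaches the final "-l -j DENY" line is written to syslog.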
