On Fri, 15 Feb 2002, GREGOR wrote:
> uuuups... I'm sorry for the typo..... the following lines are what actually
> written in my ipfilter.conf file :
>
> # New Port 53 filter start
> IP_LIST="`cat /etc/dns_floods`"
> for IP in $IP_LIST; do
> $IPCH -I input -j DENY -p tcp -s $IP/32 -d $EXTERN_IP/32 53 -i $EXTERN_IF
> done; unset IP
> #New Port 53 filter end
Well, it appears okay to me now. Perhaps you put it in the wrong place?
I did look at the logs again:
> Feb 14 07:31:08 firewall kernel: Packet log: input DENY eth0 PROTO=6
> 167.216.144.43:53 202.149.81.55:53 L=44 S=0x00 I=0 F=0x0000 T=239 (#48)
and because the port is 53 (dns), the protocol is tcp (typically only used
for zone transfers), the flags are zero (no SYN bit, so it is not a
connection initiation packet) and given the number of packets, perhaps
it could be due to you running a DNS server on your firewall that is
attempting to initiate inbound zone transfers and these are reply packets?
---------------------------------------------------------------------------
Jeff Newmiller The ..... ..... Go Live...
DCN:<[EMAIL PROTECTED]> Basics: ##.#. ##.#. Live Go...
Live: OO#.. Dead: OO#.. Playing
Research Engineer (Solar/Batteries O.O#. #.O#. with
/Software/Embedded Controllers) .OO#. .OO#. rocks...2k
---------------------------------------------------------------------------
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
