I have a lot of these logs from my firewall in the messages log. I have the
firewall set to allow some of these messages through to certain hosts. Is
it a bad idea to open it up to all hosts? They don't appear with any
regular frequency: over a couple days, or a few days in between before the
next batch. They always occur in groups of 4 to the destination IP address.
Why are they being blocked? And what is my comp trying to send? I whois'ed
some of the IPs and they are in domains I'm not familiar with.
Regards,
Drew
[EMAIL PROTECTED]
ipchains script re: port 3 -cut-
# (3) Dest_Unreachable, Service_Unavailable
# incoming & outgoing size negotiation, service or
# destination unavailability, final traceroute response
ipchains -A input -i $EXTERNAL_INTERFACE -p icmp -s $ANYWHERE 3 -d
$IPADDR -j ACCEPT
ipchains -A output -i $EXTERNAL_INTERFACE -p icmp -s $IPADDR 3 -d $MY_ISP -j
ACCEPT
ipchains -A output -i $EXTERNAL_INTERFACE -p icmp -s $IPADDR
fragmentation-needed -d $ANYWHERE -j ACCEPT
-cut-
Example kernel log message:
Nov 14 16:26:31 tenchi kernel: Packet log: output REJECT eth0 PROTO=1
me.me.me.me:3 207.217.98.200:3 L=92 S=0xC0 I=6596 F=0x0000 T=255 (#58)
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list