Hi, I see something like this in syslog every 5 seconds:
Nov 4 11:16:05 inf-fw2 kernel: net_ratelimit: 102 callbacks suppressed Nov 4 11:16:05 inf-fw2 kernel: IPv4: martian source 10.215.147.139 from 10.215.144.91, on dev enp8s5 Nov 4 11:16:05 inf-fw2 kernel: ll header: 00000000: ff ff ff ff ff ff e8 ea 6a 0c 4c 1c 08 06 ........j.L... Nov 4 11:16:05 inf-fw2 kernel: IPv4: martian source 10.215.144.89 from 10.215.144.91, on dev enp8s5 Nov 4 11:16:05 inf-fw2 kernel: ll header: 00000000: ff ff ff ff ff ff e8 ea 6a 0c 4c 1c 08 06 ........j.L... Nov 4 11:16:05 inf-fw2 kernel: IPv4: martian source 10.215.246.58 from 10.215.144.91, on dev enp8s5 Nov 4 11:16:05 inf-fw2 kernel: ll header: 00000000: ff ff ff ff ff ff e8 ea 6a 0c 4c 1c 08 06 ........j.L... Nov 4 11:16:05 inf-fw2 kernel: IPv4: martian source 10.215.247.223 from 10.215.144.91, on dev enp8s5 Nov 4 11:16:05 inf-fw2 kernel: ll header: 00000000: ff ff ff ff ff ff e8 ea 6a 0c 4c 1c 08 06 ........j.L... Nov 4 11:16:05 inf-fw2 kernel: IPv4: martian source 10.215.147.11 from 10.215.144.91, on dev enp8s5 Nov 4 11:16:05 inf-fw2 kernel: ll header: 00000000: ff ff ff ff ff ff e8 ea 6a 0c 4c 1c 08 06 ........j.L... Nov 4 11:16:05 inf-fw2 kernel: IPv4: martian source 10.215.247.228 from 10.215.144.91, on dev enp8s5 Nov 4 11:16:05 inf-fw2 kernel: ll header: 00000000: ff ff ff ff ff ff e8 ea 6a 0c 4c 1c 08 06 ........j.L... Nov 4 11:16:05 inf-fw2 kernel: IPv4: martian source 10.215.246.216 from 10.215.144.91, on dev enp8s5 Nov 4 11:16:05 inf-fw2 kernel: ll header: 00000000: ff ff ff ff ff ff e8 ea 6a 0c 4c 1c 08 06 ........j.L... Nov 4 11:16:06 inf-fw2 kernel: IPv4: martian source 10.215.247.13 from 10.215.144.91, on dev enp8s5 Nov 4 11:16:06 inf-fw2 kernel: ll header: 00000000: ff ff ff ff ff ff e8 ea 6a 0c 4c 1c 08 06 ........j.L... Nov 4 11:16:06 inf-fw2 kernel: IPv4: martian source 10.215.247.151 from 10.215.144.91, on dev enp8s5 Nov 4 11:16:06 inf-fw2 kernel: ll header: 00000000: ff ff ff ff ff ff e8 ea 6a 0c 4c 1c 08 06 ........j.L... Nov 4 11:16:06 inf-fw2 kernel: IPv4: martian source 10.215.247.179 from 10.215.246.91, on dev enp8s5 Nov 4 11:16:06 inf-fw2 kernel: ll header: 00000000: ff ff ff ff ff ff e8 ea 6a 0c 4c 1c 08 06 ........j.L... The IP addr. 10.215.144.91 is on the Shorewall firewall. I did not define routefilter on any interface and ROUTE_FILTER is No. The shorewall dump is available here: https://drive.google.com/file/d/16-ajeHLOq_TxU_Y6Hs0g34KNR9QpFeGq/view?usp=sharing The "enp8s5" interface is connected to the same switch as the "blan" interface. However, the switch port it's connected to is within an isolated VLAN. How can I deal with these "martian source" messages? Thanks, Vieri _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
