* martian destination and RAW iptable
[not found] <ea182b20901270724r3c7909dbo7ddec6bc92c8afa6@mail.gmail.com>
@ 2009-01-27 15:25 ` Yury Polyanskiy
2009-01-27 18:19 ` Mart Frauenlob
0 siblings, 1 reply; 4+ messages in thread
From: Yury Polyanskiy @ 2009-01-27 15:25 UTC (permalink / raw)
To: netfilter
Hello everyone!
I wanted to filter out the annoying logs:
Jan 24 00:19:54 tetra kernel: martian destination 0.0.0.0 from 1.2.3.4, dev eth0
and issued the following:
#iptables -t raw -I PREROUTING -s 1.2.3.4 -d 0.0.0.0 -j DROP
#iptables -t raw -I PREROUTING -s 1.2.3.4 -j DROP
Amazingly, I'm still getting those pesky log messages. How is this possible?
# uname -a
Linux xxx.xxx.xxx.EDU 2.6.28 #1 SMP PREEMPT Fri Jan 16 00:41:03 EST
2009 i686 GNU/Linux
Thanks in advance for any of your ideas.
Best,
Yury
PS. Please CC me, I'm not on the list.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: martian destination and RAW iptable
2009-01-27 15:25 ` martian destination and RAW iptable Yury Polyanskiy
@ 2009-01-27 18:19 ` Mart Frauenlob
2009-01-27 19:34 ` Yury Polyanskiy
0 siblings, 1 reply; 4+ messages in thread
From: Mart Frauenlob @ 2009-01-27 18:19 UTC (permalink / raw)
To: netfilter
Yury Polyanskiy wrote:
> Hello everyone!
>
> I wanted to filter out the annoying logs:
>
> Jan 24 00:19:54 tetra kernel: martian destination 0.0.0.0 from 1.2.3.4, dev eth0
>
> and issued the following:
>
> #iptables -t raw -I PREROUTING -s 1.2.3.4 -d 0.0.0.0 -j DROP
> #iptables -t raw -I PREROUTING -s 1.2.3.4 -j DROP
>
> Amazingly, I'm still getting those pesky log messages. How is this possible?
>
> # uname -a
> Linux xxx.xxx.xxx.EDU 2.6.28 #1 SMP PREEMPT Fri Jan 16 00:41:03 EST
> 2009 i686 GNU/Linux
>
>
find /proc -name log_martians
set the one for your interface to `0'.
greets
mart
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: martian destination and RAW iptable
2009-01-27 18:19 ` Mart Frauenlob
@ 2009-01-27 19:34 ` Yury Polyanskiy
2009-01-27 23:55 ` Yury Polyanskiy
0 siblings, 1 reply; 4+ messages in thread
From: Yury Polyanskiy @ 2009-01-27 19:34 UTC (permalink / raw)
To: Mart Frauenlob; +Cc: netfilter
On Tue, Jan 27, 2009 at 9:19 PM, Mart Frauenlob
<mart.frauenlob@chello.at> wrote:
> Yury Polyanskiy wrote:
>>
>> Hello everyone!
>>
>> I wanted to filter out the annoying logs:
>>
>> Jan 24 00:19:54 tetra kernel: martian destination 0.0.0.0 from 1.2.3.4,
>> dev eth0
>>
>> and issued the following:
>>
>> #iptables -t raw -I PREROUTING -s 1.2.3.4 -d 0.0.0.0 -j DROP
>> #iptables -t raw -I PREROUTING -s 1.2.3.4 -j DROP
>>
>> Amazingly, I'm still getting those pesky log messages. How is this
>> possible?
>>
>
> find /proc -name log_martians
>
> set the one for your interface to `0'.
>
Thanks, but I was asking how is it possible that a packet slips
through the -s 1.2.3.4 -j DROP rule in PREROUTING.
Y
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: martian destination and RAW iptable
2009-01-27 19:34 ` Yury Polyanskiy
@ 2009-01-27 23:55 ` Yury Polyanskiy
0 siblings, 0 replies; 4+ messages in thread
From: Yury Polyanskiy @ 2009-01-27 23:55 UTC (permalink / raw)
To: netfilter
>>>
>>> I wanted to filter out the annoying logs:
>>>
>>> Jan 24 00:19:54 tetra kernel: martian destination 0.0.0.0 from 1.2.3.4,
>>> dev eth0
>>>
>>> and issued the following:
>>>
>>> #iptables -t raw -I PREROUTING -s 1.2.3.4 -d 0.0.0.0 -j DROP
>>> #iptables -t raw -I PREROUTING -s 1.2.3.4 -j DROP
>>>
>>> Amazingly, I'm still getting those pesky log messages. How is this
>>> possible?
The problem was in arp_process():
814 if (arp->ar_op == htons(ARPOP_REQUEST) &&
815 ip_route_input(skb, tip, sip, 0, dev) == 0) {
So the packet "arp who has 0.0.0.0 tell 1.2.3.4" triggered those log messages.
Sorry for spamming.
Best,
Yury
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2009-01-27 23:55 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <ea182b20901270724r3c7909dbo7ddec6bc92c8afa6@mail.gmail.com>
2009-01-27 15:25 ` martian destination and RAW iptable Yury Polyanskiy
2009-01-27 18:19 ` Mart Frauenlob
2009-01-27 19:34 ` Yury Polyanskiy
2009-01-27 23:55 ` Yury Polyanskiy
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.