Linux Netfilter discussions
From: Simon <tanstaafl@libertytrek.org>
To: Mail List - Netfilter <netfilter@vger.kernel.org>
Subject: Re: What are these and how can I not log them?
Date: Mon, 07 Jul 2008 18:57:54 -0400
Message-ID: <48729F72.5060502@libertytrek.org>
In-Reply-To: <48729582.909@riverviewtech.net>

Hi Grant,

Thanks for the response...

>> Jul  7 17:52:46 myhost IPTABLES-IN Default Drop: IN=eth0 OUT= 
>> MAC=ff:ff:ff:ff:ff:ff:00:08:9b:ac:c3:41:08:00 SRC=192.168.1.75 
>> DST=192.168.1.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP 
>> SPT=137 DPT=137 LEN=58

> These are NetBIOS Name Service packets.  These packets are from Windows 
> computers (or any computer using Windows networking) looking for other 
> computers on the network.

Ok, makes sense, at least for the computers inside my network - but when 
the flood happens, it is from a non-local IP address, although I can't 
swear that the source/dest ports are the same... I'll have to watch for 
the next one and grab a snippet...

> Without knowing what you have in your firewall I can not even begin to 
> tell you how to not get them in your logs.  It looks like (based on the 
> "IPTABLES-IN Default Drop") that this is a catch all rule that drops 
> anything that has not explicitly been previously allowed.

Yeah, I had someone help me set this up years ago, and I told him I 
wanted it buttoned up as tight as possible. He even added rules to block 
most OUT bound traffic as well, which I have since learned is probably 
not a great idea...

Any chance you or someone could help me in re-evaluating my current ruleset?

To dump the current rules to a file I'd just do:

iptables-save > myrules

Then just copy/paste the contents here for evaluation (if that's ok)?

Thanks again for your time...
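
Added example, not part of the original message or thread: a small triage script for the question raised above, separating local NetBIOS name-service broadcasts from drops with a non-local source before deciding what to stop logging. The /24 network, the second log line and all function names are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: the first entry is the log line quoted in the thread
# (rejoined onto one line); the second is invented, using a documentation
# address (203.0.113.9) to stand in for a non-local source.
SAMPLE_LOG = """\
Jul  7 17:52:46 myhost IPTABLES-IN Default Drop: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:08:9b:ac:c3:41:08:00 SRC=192.168.1.75 DST=192.168.1.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=137 DPT=137 LEN=58
Jul  7 18:01:02 myhost IPTABLES-IN Default Drop: IN=eth0 OUT= MAC=00:11:22:33:44:55:00:08:9b:ac:c3:41:08:00 SRC=203.0.113.9 DST=192.168.1.10 LEN=78 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=UDP SPT=1027 DPT=137 LEN=58
"""

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumption: /24 implied by DST=192.168.1.255
KV = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_line(line):
    """Return the KEY=value fields of one netfilter LOG line as a dict."""
    fields = {}
    for key, value in KV.findall(line):
        fields.setdefault(key, value)  # LEN appears twice; keep the IP length
    return fields

def classify(fields):
    """Label a dropped packet by where it came from and what it was."""
    src = ipaddress.ip_address(fields["SRC"])
    dst = ipaddress.ip_address(fields["DST"])
    origin = "local" if src in LAN else "non-local"
    if fields.get("PROTO") == "UDP" and fields.get("DPT") == "137" and dst == LAN.broadcast_address:
        kind = "NetBIOS name service broadcast"
    else:
        kind = "{}/{}".format(fields.get("PROTO"), fields.get("DPT", "-"))
    return origin, kind

def summarize(log_text):
    """Count dropped packets per (origin, kind, source address)."""
    counts = Counter()
    for line in log_text.splitlines():
        if "IPTABLES-IN Default Drop:" not in line:
            continue
        fields = parse_line(line)
        if "SRC" in fields and "DST" in fields:
            counts[classify(fields) + (fields["SRC"],)] += 1
    return counts

if __name__ == "__main__":
    for (origin, kind, src), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:5d}  {origin:9s}  {src:15s}  {kind}")
```

Pointing summarize() at the real syslog text shows whether a flood is the same local broadcast chatter or something arriving from outside the LAN, which is the distinction to settle before silencing any of it.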
