Re: IP fw-in deny (web-enabled monitor?)

To: debian-firewall@lists.debian.org
Subject: Re: IP fw-in deny (web-enabled monitor?)
From: Paul Tod Rieger <prie@abl.com>
Date: Mon, 26 Apr 1999 22:48:46 -0400
Message-id: <[🔎] 3725258E.CF09C004@abl.com>
References: <[🔎] Pine.GUL.4.10.9904221557370.26257-100000@coho.halcyon.com> <[🔎] 371FB800.96BE2C4E@abl.com> <[🔎] 3721EDCD.E120A5E1@abl.com>

I had asked:

> > kernel: IP fw-in deny eth0 UDP 192.168.4.1:68 255.255.255.255:67 L=328
> > S=0x00 I=53838 F=0x0000 T=128
> 
> [...] Or should I filter them out with "grep -v" or such?

Thanks to a pointer from Dean Carpenter <deano@areyes.com>, I found that
ipmasq had turned on logging for those types of messages.  "ipmasq -d"
listed two ipfwadm rules with "-o", so I edited the corresponding
/etc/ipmasq/rules (.def) files and saved them as .rul files (and
verified the changes by running "ipmasq -d" again).

And now I can spot those port scans again.  :-)

Tod

Reply to:

References:
- Re: IP fw-in deny (?)
  - From: Mark Rafn <dagon@halcyon.com>
- Re: IP fw-in deny (?)
  - From: Paul Tod Rieger <prie@abl.com>
- Re: IP fw-in deny (web-enabled monitor?)
  - From: Paul Tod Rieger <prie@abl.com>

Prev by Date: Re: IP fw-in deny (web-enabled monitor?)
Next by Date: shutting out an IP
Previous by thread: Re: IP fw-in deny (web-enabled monitor?)
Next by thread: RE: IP fw-in deny (?)
Index(es):
- Date
- Thread