Re: IP fw-in deny (web-enabled monitor?)
I had asked:
> > kernel: IP fw-in deny eth0 UDP 192.168.4.1:68 255.255.255.255:67 L=328
> > S=0x00 I=53838 F=0x0000 T=128
>
> [...] Or should I filter them out with "grep -v" or such?
Thanks to a pointer from Dean Carpenter <deano@areyes.com>, I found that
ipmasq had turned on logging for those types of messages. "ipmasq -d"
listed two ipfwadm rules with "-o", so I edited the corresponding
/etc/ipmasq/rules (.def) files and saved them as .rul files (and
verified the changes by running "ipmasq -d" again).
And now I can spot those port scans again. :-)
Tod