Help understanding logs
Hello
I have a fairly simple firewall on my workstation - I include the main part of it below.
I noticed the following in my logs and was wondering if anyone could help me understand it.
Aug 19 01:38:34 candy kernel: rejects !IN=eth0 OUT= MAC=00:e0:7d:b1:52:bd:00:b0:c2:8d:c7:5a:08:00 SRC=62.179.136.1 DST=62.71.40.14 LEN=76 TOS=0x00 PREC=0x00 TTL=51 ID=41222 PROTO=ICMP TYPE=3 CODE=2 [SRC=62.71.40.14 DST=62.179.136.1 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=766 DF PROTO=TCP SPT=3072 DPT=0 WINDOW=0 RES=0x34 URG ACK RST FIN URGP=0 ]
Mainly I am interested in the stuff in the square brackets and why anyone would send an
icmp packet type 3 code 2, which I understand to mean port unreachable.
Sorry for my ignorance. Referrals to sources of info would also be welcome.
t.irvine
# Part of my very simple firewall
# OUTPUT chain - defaults to ACCEPT
# FORWARD chain - defaults to REJECT
$IPTABLES -P INPUT DROP
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -p tcp -i eth0 -j REJECT --reject-with tcp-reset
$IPTABLES -A INPUT -p udp -i eth0 -j REJECT --reject-with icmp-port-unreachable
$IPTABLES -A INPUT -j LOG --log-prefix "rejects !"
--
Whoever thinks a faultless piece to see,
Thinks what ne'er was, nor is, nor ne'er shall be.
Alexander Pope, An Essay On Criticism.
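
Added example (not part of the original post): a small Python parser for the netfilter LOG line quoted above. It separates the outer ICMP header from the bracketed fields, which are the header of the packet that the ICMP error quotes back, and notes what stands out. The function names are illustrative; the ICMP code names are those of RFC 792.

```python
import re

# The log line from the post, copied verbatim as sample input.
SAMPLE = ("Aug 19 01:38:34 candy kernel: rejects !IN=eth0 OUT= "
          "MAC=00:e0:7d:b1:52:bd:00:b0:c2:8d:c7:5a:08:00 SRC=62.179.136.1 "
          "DST=62.71.40.14 LEN=76 TOS=0x00 PREC=0x00 TTL=51 ID=41222 PROTO=ICMP "
          "TYPE=3 CODE=2 [SRC=62.71.40.14 DST=62.179.136.1 LEN=48 TOS=0x00 "
          "PREC=0x00 TTL=106 ID=766 DF PROTO=TCP SPT=3072 DPT=0 WINDOW=0 "
          "RES=0x34 URG ACK RST FIN URGP=0 ]")

# ICMP type 3 (destination unreachable) code names, per RFC 792.
UNREACH = {0: "net unreachable", 1: "host unreachable",
           2: "protocol unreachable", 3: "port unreachable",
           4: "fragmentation needed and DF set", 5: "source route failed"}

def parse_fields(text):
    """Split LOG text into KEY=VALUE fields and bare flag tokens (DF, ACK...)."""
    fields, flags = {}, []
    for tok in text.split():
        key, eq, val = tok.partition("=")
        if eq:
            fields[key] = val
        else:
            flags.append(tok)
    return fields, flags

def describe(line):
    """Parse one netfilter LOG line; return outer/inner fields and notes."""
    m = re.search(r"\bIN=", line)  # skip syslog header and --log-prefix text
    if m is None:
        raise ValueError("not a netfilter LOG line")
    outer_txt, _, inner_txt = line[m.start():].partition("[")
    outer, _ = parse_fields(outer_txt)
    inner, flags = parse_fields(inner_txt.rstrip().rstrip("]"))
    notes = []
    if outer.get("PROTO") == "ICMP" and outer.get("TYPE") == "3":
        code = int(outer.get("CODE", -1))
        notes.append("ICMP destination unreachable: " + UNREACH.get(code, "other code"))
    if inner and inner.get("SRC") == outer.get("DST"):
        notes.append("quoted packet's source equals the outer destination")
    if inner.get("PROTO") == "TCP" and inner.get("DPT") == "0":
        notes.append("quoted TCP destination port is 0 (reserved)")
    if len({"SYN", "RST", "FIN"} & set(flags)) > 1:
        notes.append("quoted TCP header sets more than one of SYN/RST/FIN")
    return {"outer": outer, "inner": inner, "flags": flags, "notes": notes}

if __name__ == "__main__":
    for note in describe(SAMPLE)["notes"]:
        print(note)
```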