Re: Strange firewall logs
This log shows that Ipchains is rejecting outbound loopback (lo) traffic with a source IP of 127.0.0.1 and a destination of 127.0.0.1. Protocol 1 is ICMP (see /etc/services) and I think type 3 reports "destination unreachable." If you block ICMP, you will have problems with DNS, timeouts, etc.
More info:
http://www.linuxsecurity.com/resource_files/firewalls/firewall-seen.html#2
Tim
At 04:13 PM 2/10/01 -0800, Micah Anderson wrote:
>I am getting a lot of entries in my logs with the following entries from
>ipchains, I can't quite figure out what port 3 is supposed to be. After
>searching for some time I seem to have found a solution on a site whose
>explanation is only in Danish, which I am very inefficient in:
>
>
>Feb 10 15:11:39 stallman kernel: Packet log: output REJECT lo PROTO=1
>+127.0.0.1:3 127.0.0.1:3 L=92 S=0xC0 I=1350 F=0x0000 T=255 (#64)
>Feb 10 15:20:53 stallman kernel: Packet log: output REJECT lo PROTO=1
>+127.0.0.1:3 127.0.0.1:3 L=92 S=0xC0 I=3190 F=0x0000 T=255 (#64)
>Feb 10 15:30:59 stallman kernel: Packet log: output REJECT lo PROTO=1
>+127.0.0.1:3 127.0.0.1:3 L=92 S=0xC0 I=4545 F=0x0000 T=255 (#64)
>Feb 10 15:40:48 stallman kernel: Packet log: output REJECT lo PROTO=1
>+127.0.0.1:3 127.0.0.1:3 L=92 S=0xC0 I=5884 F=0x0000 T=255 (#64)
>
>
>
>Does anyone know what these are?
>
>Thanks!
>Micah
>
>
>
>--
>To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
>with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: