Re: ipchains DENY question
John Conover said:
> Does anyone have any idea what the following in syslog means:
> Dec 5 14:58:01 themachine kernel: Packet log: input DENY ppp0 PROTO=0
> 0.0.0.0:65535 0.0.0.0:65535 L=40 S=0x00 I=55674 F=0x0000 T=64 (#8)
> What's PROTO 0, IP address 0.0.0.0?
proto 0 is IP (check /etc/protocols)
IP 0.0.0.0 often means all IPs, so it sounds like it is a broadcast of
> BTW, its a ppp dialup connection; the packet is coming from the remote ppp
> connection-obviously. The question is why?
you would have to ask the person running the machine(s) on the other
side of your connection. I would just forget about it, its not worth
investigating. If you try to inquire about every blocked packet on
your firewall, someday you may be spending all your free time doing it.
My firewall blocks on average 24 bytes per second 24/7. probably 500
different source IPs per day.