Re: [OT] iptables q

To: debian-user@lists.debian.org
Subject: Re: [OT] iptables q
From: Jeff D <fixedored@gmail.com>
Date: Thu, 15 Jan 2009 09:12:57 -0800 (PST)
Message-id: <[🔎] alpine.DEB.1.10.0901150904110.6658@slayer.technobounce.local>
In-reply-to: <[🔎] gknpba$jgd$1@ger.gmane.org>
References: <[🔎] gknpba$jgd$1@ger.gmane.org>

On Thu, 15 Jan 2009, Hugo Vanwoerkom wrote:

> Hi,
>
> I have Firehol for iptables front-end and WordPress on Apache.
>
> Access to WP is restricted to me only, like this:
>
> interface ppp0 internet
>         policy drop
>         protection strong
>         ...
>         server http accept src 200.57.201.163
>
> So far so good.
>
> Now the question is: where do the messages in syslog come from, like these:
>
> Jan 15 10:09:12 debian kernel: [42743.308176] ''IN-internet':'IN=ppp0 OUT=
> MAC= SRC=202.97.238.233 DST=200.57.20
> 1.163 LEN=597 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=UDP SPT=56368 DPT=1026
> LEN=577
>
> because that source does not exist:
>
> hugo@debian:~$ host 202.97.238.233
> 202.97.238.233 does not exist, try again
>
> Hugo
>

Hi,

Just because you can't resolve an IP address does not mean that it does
not exist.  There is no rule that says IP address *have* to have dns
resolution. That IP is a valid address, so it is very possible that it
does exist.  Whois info for it says that its from China, I suspect you
will be seeing lots of these, its fairly normal noise.

Jeff

-- 
8 out of 10 Owners who Expressed a Preference said Their Cats Preferred Techno.

Reply to:

Follow-Ups:
- Re: [OT] iptables q
  - From: Hugo Vanwoerkom <hvw59601@care2.com>

References:
- [OT] iptables q
  - From: Hugo Vanwoerkom <hvw59601@care2.com>

Prev by Date: Re: How to regenerate a popularity-contest UUID
Next by Date: Re: [OT] iptables q
Previous by thread: [OT] iptables q
Next by thread: Re: [OT] iptables q
Index(es):
- Date
- Thread