Re: [OT] iptables q
Jeff D wrote:
On Thu, 15 Jan 2009, Hugo Vanwoerkom wrote:
I have Firehol for iptables front-end and WordPress on Apache.
Access to WP is restricted to me only, like this:
interface ppp0 internet
server http accept src 220.127.116.11
So far so good.
Now the question is: where do the messages in syslog come from, like these:
Jan 15 10:09:12 debian kernel: [42743.308176] ''IN-internet':'IN=ppp0 OUT= MAC= SRC=18.104.22.168 DST=200.57.201.163 LEN=597 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=UDP SPT=56368 DPT=1026
because that source does not exist:
hugo@debian:~$ host 22.214.171.124
126.96.36.199 does not exist, try again
Just because you can't resolve an IP address does not mean that it does
not exist. There is no rule that says IP addresses *have* to have DNS
resolution. That IP is a valid address, so it is very possible that it
does exist. Whois info for it says that it's from China, I suspect you
will be seeing lots of these, it's fairly normal noise.
Thanks Jeff! Whois is the answer.
I am honored to drop the Hei Long Jiang province education committee ;-)
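
Added example, not part of the original thread: a small parser for kernel LOG-target lines in the format quoted above, which tallies logged packets per source, protocol and destination port so recurring background noise is easy to spot. The sample lines are constructed, using RFC 5737 documentation addresses rather than the addresses in the post, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the kernel LOG-target format quoted in the thread.
# Addresses come from the RFC 5737 documentation ranges, not from the post.
SAMPLE = """\
Jan 15 10:09:12 debian kernel: [42743.308176] ''IN-internet':'IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=203.0.113.20 LEN=597 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=UDP SPT=56368 DPT=1026
Jan 15 10:09:40 debian kernel: [42771.120934] ''IN-internet':'IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=203.0.113.20 LEN=597 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=UDP SPT=56369 DPT=1027
Jan 15 10:11:02 debian kernel: [42853.551002] ''IN-internet':'IN=ppp0 OUT= MAC= SRC=192.0.2.99 DST=203.0.113.20 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=4411 DF PROTO=TCP SPT=40122 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 15 10:12:00 debian CRON[4242]: (root) CMD (run-parts /etc/cron.hourly)
"""

# "kernel: ", optional uptime stamp, the log prefix, then the first "IN=" field.
LINE_RE = re.compile(r"kernel: (?:\[\s*[\d.]+\] )?(?P<prefix>.*?)IN=(?P<rest>.*)$")
KV_RE = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Return a dict of fields for a netfilter LOG line, or None for other syslog lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    body = "IN=" + m.group("rest")
    fields = dict(KV_RE.findall(body))  # empty values (OUT=, MAC=) become ""
    # Tokens without '=' are flags such as DF or SYN.
    fields["FLAGS"] = [tok for tok in body.split() if "=" not in tok]
    # The prefix in the thread is wrapped in quotes and colons; strip them.
    fields["PREFIX"] = m.group("prefix").strip(" ':")
    return fields


def summarize(text):
    """Count logged packets per (source, protocol, destination port)."""
    counts = Counter()
    for line in text.splitlines():
        f = parse_line(line)
        if f:
            counts[(f["SRC"], f["PROTO"], int(f.get("DPT", 0)))] += 1
    return counts


if __name__ == "__main__":
    for (src, proto, dpt), n in summarize(SAMPLE).most_common():
        print(f"{n:3d}  {src:15s} {proto}/{dpt}")
```
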