
Re: How to get rid of this firewall error.



On 30.07.2010 02:49, Ramasubramanian Ramesh wrote:
It would have helped if I actually include the message :-) Here it is:

[2709614.616138] IN=eth1 OUT=
MAC=00:16:e6:84:37:c5:00:0f:db:5c:a0:58:08:00 SRC=192.168.1.1
DST=192.168.1.47 LEN=36 TOS=0x00 PREC=0x00 TTL=64 ID=37027 PROTO=ICMP
TYPE=8 CODE=0 ID=60352 SEQ=0

192.168.1.47 is my firewall connected to the DSL modem/router (which I
think must be 192.168.1.1)

Ramesh


Ramasubramanian Ramesh wrote:
Hi:

My syslog and console window is repeatedly printing the following
message from my firewall setup. I cannot figure out which program or
service is printing this message. My first preference is to modify the
source behavior. The second choice is to stop printing the message.
I guess I could edit the firewall script. But, I like to get some
expert feedback before I proceed this way.

Thanks
Ramesh


top posting - iihh ugly ;-p

well, it's the netfilter code from the kernel instructed by an iptables rule, that spits out that message.
most likely this is a message informing you about a blocked packet.
the question is: who/what set this iptables rule to tell the kernel to discard such packets?

my crystal ball is currently somehow foggy, so I can't tell.
maybe you know what firewall frontend you are using?

what to do?
well - to prohibit logging of those packets in the short term a rule like this may do the job:
iptables -I INPUT -i eth1 -s 192.168.1.1 -p icmp --icmp-type 8 -j DROP

for the long term:
learn how to configure your firewall frontend or iptables.

but it's your modem/router right?
so it might just check if you're online. so it could be a 'good packet', which you might want to accept. - same thing as above just with the ACCEPT target.


best regards

Mart
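
Added example, not part of the original posts: a small parser for netfilter LOG lines like the one quoted above, which counts logged packets per interface, source and packet kind so you can see what is filling syslog before deciding between DROP and ACCEPT. The sample input is constructed (the thread's line joined onto one line, plus two made-up lines), and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample: the line quoted in the thread (joined onto one line)
# followed by two made-up lines for contrast.
SAMPLE_LOG = """\
[2709614.616138] IN=eth1 OUT= MAC=00:16:e6:84:37:c5:00:0f:db:5c:a0:58:08:00 SRC=192.168.1.1 DST=192.168.1.47 LEN=36 TOS=0x00 PREC=0x00 TTL=64 ID=37027 PROTO=ICMP TYPE=8 CODE=0 ID=60352 SEQ=0
[2709674.616201] IN=eth1 OUT= MAC=00:16:e6:84:37:c5:00:0f:db:5c:a0:58:08:00 SRC=192.168.1.1 DST=192.168.1.47 LEN=36 TOS=0x00 PREC=0x00 TTL=64 ID=37028 PROTO=ICMP TYPE=8 CODE=0 ID=60352 SEQ=1
[2709680.100000] IN=eth1 OUT= MAC=00:16:e6:84:37:c5:00:0f:db:5c:a0:58:08:00 SRC=192.168.1.20 DST=192.168.1.47 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1111 DF PROTO=TCP SPT=40000 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
"""

ICMP_TYPES = {0: "echo-reply", 3: "destination-unreachable", 8: "echo-request", 11: "time-exceeded"}
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value; the value may be empty (OUT=)

def parse_line(line):
    """Return the KEY=value fields of one netfilter LOG line as a dict.
    ICMP echo lines carry ID twice (IP ID, then ICMP ID); the second is stored as ICMP_ID."""
    fields = {}
    for key, value in FIELD.findall(line):
        if key == "ID" and "ID" in fields:
            key = "ICMP_ID"
        fields[key] = value
    return fields

def describe(fields):
    """Reduce a parsed line to (input interface, source address, packet kind)."""
    proto = fields.get("PROTO", "?")
    if proto == "ICMP" and fields.get("TYPE", "").isdigit():
        icmp_type = int(fields["TYPE"])
        what = "icmp " + ICMP_TYPES.get(icmp_type, "type %d" % icmp_type)
    elif "DPT" in fields:
        what = "%s dport %s" % (proto.lower(), fields["DPT"])
    else:
        what = proto.lower()
    return (fields.get("IN", ""), fields.get("SRC", ""), what)

def summarize(text):
    """Count logged packets per (interface, source, kind), most frequent first."""
    counts = Counter()
    for line in text.splitlines():
        fields = parse_line(line)
        if "SRC" in fields and "PROTO" in fields:  # skip lines that are not packet logs
            counts[describe(fields)] += 1
    return counts.most_common()

if __name__ == "__main__":
    for (iface, src, what), n in summarize(SAMPLE_LOG):
        print("%4d  in=%s src=%s %s" % (n, iface, src, what))
```

The (interface, source, kind) tuple lines up with the -i, -s and --icmp-type matches in the rule suggested above.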

