Re: firewall
Hi,
Following the instructions from http://wiki.debian.org/iptables,
I am kind of "running" iptables now? (Perhaps I understand wrong;
corrections are welcome.)
One thing that is a bit unexpected (to me) is that there is continuously
rolling info like the following:
Jul 4 22:18:07 Debian dhclient: DHCPREQUEST on eth0 to 172.21.4.192 port 67
Jul 4 22:18:10 Debian kernel: [42251.607781] --log-prefixIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:78:4a:c7:5f:08:00 SRC=172.21.51.33 DST=255.255.255.255 LEN=149 TOS=0x00 PREC=0x00 TTL=127 ID=0 DF PROTO=UDP SPT=43619 DPT=17500 LEN=129
Jul 4 22:18:23 Debian kernel: [42264.062275] --log-prefixIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:26:55:e3:4e:29:08:00 SRC=172.21.48.111 DST=172.21.51.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=11802 PROTO=UDP SPT=137 DPT=137 LEN=58
Is it normal, or did I set something wrong? Here is the output of iptables -L:
c# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             loopback/8          reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
LOG        all  --  anywhere             anywhere            limit: avg 5/min burst 5 LOG level debug prefix "--log-prefix"
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
Thanks in advance for your suggestions,
Best regards,