Hi,
I've got the following messages in my firewall log:
Apr 30 01:53:26 starflake kernel: IN=eth0 OUT= MAC=00:e0:4c:90:79:54:00:50:fc:21:9a:82:08:00 SRC=62.176.78.125 DST=193.174.11.198 LEN=78 TOS=0x00 PREC=0x00 TTL=8 ID=2103 PROTO=UDP SPT=3268 DPT=137 LEN=58
Apr 30 01:53:26 starflake kernel: klogd 1.4.1, ---------- state change ----------
Apr 30 01:53:26 starflake kernel: Inspecting /boot/System.map-2.4.18-64GB-SMP
Apr 30 01:53:26 starflake kernel: Loaded 13537 symbols from /boot/System.map-2.4.18-64GB-SMP.
Apr 30 01:53:26 starflake kernel: Symbols match kernel version 2.4.18.
Apr 30 01:53:26 starflake kernel: Loaded 548 symbols from 32 modules.
Port 137 above is logged and filtered by my iptables rules.
Some of the ports on my computer are accessible from the internet, e.g. 22 for ssh.
My rules log only forbidden access.
I don't understand the kernel messages about the inspecting of the
kernel modules at the same time as the forbidden port access is logged.
What is your opinion?
More info? Here are the iptables rules loaded for the interface on my computer:
At the moment I only have dhcp-server, sun-rpc, ssh, squid and
cups on 631 running. Samba, popd and imapd are not installed at the moment.
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere tcp dpt:imap
ACCEPT tcp -- anywhere tcp dpt:http-alt
ACCEPT udp -- anywhere udp dpt:netbios-ns
ACCEPT udp -- anywhere udp dpt:netbios-dgm
ACCEPT tcp -- anywhere tcp dpt:netbios-ssn
ACCEPT udp -- <nameserver> anywhere udp spt:domain
ACCEPT tcp -- <nameserver> anywhere tcp spt:domain
ACCEPT udp -- anywhere udp spt:bootpc dpt:bootps
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
REJECT tcp -- anywhere anywhere tcp dpt:ident reject-with tcp-reset
LOG all -- anywhere anywhere LOG level warning
DROP all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:http
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:ssh
ACCEPT udp -- anywhere anywhere udp spts:1024:65535 dpt:domain
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:domain
ACCEPT udp -- anywhere spt:bootps dpt:bootpc
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
LOG all -- anywhere anywhere LOG level warning
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
DROP all -- anywhere anywhere