Here it is:

Log:
Aug 10 08:06:46 colossus kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.55:137 192.168.1.255:137 L=78 S=0x00 I=2645 F=0x0000 T=128 (#3)

Here is my (shortened) firewall.rc.config
FW_DEV_WORLD="eth0"
FW_DEV_INT="eth1"

FW_DEV_DMZ=""

FW_ROUTE="no"

FW_MASQUERADE="no"
FW_MASQ_NETS=""
FW_MASQ_DEV="$FW_DEV_WORLD"     # e.g. "ippp0" or "$FW_DEV_WORLD"

FW_PROTECT_FROM_INTERNAL="no"
FW_AUTOPROTECT_GLOBAL_SERVICES="yes"            # "yes" is a good choice

FW_SERVICES_EXTERNAL_TCP="smtp www ftp ssh"     # Common: smtp domain
FW_SERVICES_EXTERNAL_UDP="ssh"
FW_SERVICES_EXTERNAL_IP=""      # For VPN/Routing which END at the firewall!!
#
FW_SERVICES_DMZ_TCP=""          # Common: smtp domain
FW_SERVICES_DMZ_UDP=""          # Common: domain syslog
FW_SERVICES_DMZ_IP=""           # For VPN/Routing which END at the firewall!!
#
FW_SERVICES_INTERNAL_TCP="1:65535"
FW_SERVICES_INTERNAL_UDP="1:65535"
FW_SERVICES_INTERNAL_IP=""      # For VPN/Routing which END at the firewall!!

FW_TRUSTED_NETS=""
FW_SERVICES_TRUSTED_TCP=""      # Common: ssh
FW_SERVICES_TRUSTED_UDP=""      # Common: syslog time ntp
FW_SERVICES_TRUSTED_IP=""       # For VPN/Routing which END at the firewall!!

FW_ALLOW_INCOMING_HIGHPORTS_TCP="ftp-data"      # Common: "ftp-data" (sadly!)
FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS"   # Common: "DNS" or "domain ntp"

FW_SERVICE_DNS="no"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="no"  
FW_SERVICE_SAMBA="no"  

FW_FORWARD_TCP=""               # Beware to use this!
FW_FORWARD_UDP=""               # Beware to use this!
FW_FORWARD_IP=""                # Beware to use this!

FW_FORWARD_MASQ_TCP=""          # Beware to use this!
FW_FORWARD_MASQ_UDP=""          # Beware to use this!

FW_REDIRECT_TCP=""
FW_REDIRECT_UDP=""

FW_LOG_DENY_CRIT="no"
FW_LOG_DENY_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"

FW_KERNEL_SECURITY="yes"

FW_STOP_KEEP_ROUTING_STATE="no"

FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"

##
# END of rc.firewall
##


> -----Original Message-----
> From: Bjoern Engels [mailto:bengels@lanworks.de]
> Sent: Friday, 10. August 2001 10:06
> To: suse-security@suse.com
> Subject: Re: [suse-security] Firewall Logging (no CodeRed :-)
>
>
> On Friday, 10. August 2001 10:01, Franziskus Scharpff wrote:
>
> >   .... Packet log: input DENY eth0 PROTO=* 192.168.1.* ....
>
> The full log message and FW-configuration would be helpful.
>
> Bjoern
>
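Added example, not part of the original post or thread: a Python parser for the ipchains "Packet log" line quoted in the message above. Field meanings follow the ipchains log format (L = total length, S = TOS, I = IP ID, F = fragment offset plus flags, T = TTL, #n = matching rule number); the function and key names are illustrative assumptions.

```python
import re

# ipchains "Packet log" layout: chain, verdict, interface, IP protocol number,
# source, destination, then L= S= I= F= T=, an optional SYN marker, and (#rule).
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<verdict>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>\S+) (?P<dst>\S+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)(?: (?P<syn>SYN))? "
    r"\(#(?P<rule>\d+)\)"
)
PROTOCOLS = {1: "icmp", 6: "tcp", 17: "udp"}
NETBIOS = {137: "netbios-ns", 138: "netbios-dgm", 139: "netbios-ssn"}


def _endpoint(text):
    """Split 'ip:port' into (ip, port); port is None when absent."""
    host, _, port = text.partition(":")
    return host, int(port) if port else None


def parse_packet_log(line):
    """Return the decoded fields of one ipchains log line, or None if no match."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "length", "ip_id", "ttl", "rule"):
        rec[key] = int(rec[key])
    rec["tos"] = int(rec["tos"], 16)
    rec["frag"] = int(rec["frag"], 16)
    rec["syn"] = rec["syn"] is not None
    rec["proto_name"] = PROTOCOLS.get(rec["proto"], str(rec["proto"]))
    rec["src_ip"], rec["src_port"] = _endpoint(rec.pop("src"))
    rec["dst_ip"], rec["dst_port"] = _endpoint(rec.pop("dst"))
    # Only TCP/UDP carry ports; for ICMP the ':n' slots hold type and code.
    rec["service"] = NETBIOS.get(rec["dst_port"]) if rec["proto"] in (6, 17) else None
    # Heuristic (assumption): a final octet of 255 suggests a /24 broadcast.
    rec["dst_looks_broadcast"] = rec["dst_ip"].endswith(".255")
    return rec


# The log line from the post above.
SAMPLE = ("Aug 10 08:06:46 colossus kernel: Packet log: input DENY eth0 PROTO=17 "
          "192.168.1.55:137 192.168.1.255:137 L=78 S=0x00 I=2645 F=0x0000 T=128 (#3)")

if __name__ == "__main__":
    print(parse_packet_log(SAMPLE))
```

For the posted line this yields UDP from 192.168.1.55:137 to 192.168.1.255:137 (NetBIOS name service), denied on eth0 by rule 3 of the input chain.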