Here it is:
Log:
Aug 10 08:06:46 colossus kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.55:137 192.168.1.255:137 L=78 S=0x00 I=2645 F=0x0000 T=128 (#3)
Here my (shortend) firewall.rc.config
FW_DEV_WORLD="eth0"
FW_DEV_INT="eth1"
FW_DEV_DMZ=""
FW_ROUTE="no"
FW_MASQUERADE="no"
FW_MASQ_NETS=""
FW_MASQ_DEV="$FW_DEV_WORLD" # e.g. "ippp0" or "$FW_DEV_WORLD"
FW_PROTECT_FROM_INTERNAL="no"
FW_AUTOPROTECT_GLOBAL_SERVICES="yes" # "yes" is a good choice
FW_SERVICES_EXTERNAL_TCP="smtp www ftp ssh" # Common: smtp domain
FW_SERVICES_EXTERNAL_UDP="ssh"
FW_SERVICES_EXTERNAL_IP="" # For VPN/Routing which END at the firewall!!
#
FW_SERVICES_DMZ_TCP="" # Common: smtp domain
FW_SERVICES_DMZ_UDP="" # Common: domain syslog
FW_SERVICES_DMZ_IP="" # For VPN/Routing which END at the firewall!!
#
FW_SERVICES_INTERNAL_TCP="1:65535"
FW_SERVICES_INTERNAL_UDP="1:65535"
FW_SERVICES_INTERNAL_IP="" # For VPN/Routing which END at the firewall!!
FW_TRUSTED_NETS=""
FW_SERVICES_TRUSTED_TCP="" # Common: ssh
FW_SERVICES_TRUSTED_UDP="" # Common: syslog time ntp
FW_SERVICES_TRUSTED_IP="" # For VPN/Routing which END at the firewall!!
FW_ALLOW_INCOMING_HIGHPORTS_TCP="ftp-data" # Common: "ftp-data" (sadly!)
FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS" # Common: "DNS" or "domain ntp"
FW_SERVICE_DNS="no"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="no"
FW_SERVICE_SAMBA="no"
FW_FORWARD_TCP="" # Beware to use this!
FW_FORWARD_UDP="" # Beware to use this!
FW_FORWARD_IP="" # Beware to use this!
FW_FORWARD_MASQ_TCP="" # Beware to use this!
FW_FORWARD_MASQ_UDP="" # Beware to use this!
FW_REDIRECT_TCP=""
FW_REDIRECT_UDP=""
FW_LOG_DENY_CRIT="no"
FW_LOG_DENY_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_KERNEL_SECURITY="yes"
FW_STOP_KEEP_ROUTING_STATE="no"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
##
# END of rc.firewall
##
> -----Original Message-----
> From: Bjoern Engels [mailto:bengels@lanworks.de]
> Sent: Freitag, 10. August 2001 10:06
> To: suse-security@suse.com
> Subject: Re: [suse-security] Firewall Logging (no CodeRed :-)
>
>
> On Friday, 10. August 2001 10:01, Franziskus Scharpff wrote:
>
> > .... Packet log: input DENY eth0 PROTO=* 192.168.1.* ....
>
> The full log message and FW-configuration would be helpful.
>
> Bjoern
>
> --
> To unsubscribe, e-mail: suse-security-unsubscribe@suse.com
> For additional commands, e-mail: suse-security-help@suse.com
>