RE: [suse-security] Firewall Logging (no CodeRed :-)
Here it is:

Log:

Aug 10 08:06:46 colossus kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.55:137 192.168.1.255:137 L=78 S=0x00 I=2645 F=0x0000 T=128 (#3)

Here my (shortened) firewall.rc.config

FW_DEV_WORLD="eth0"
FW_DEV_INT="eth1"
FW_DEV_DMZ=""
FW_ROUTE="no"
FW_MASQUERADE="no"
FW_MASQ_NETS=""
FW_MASQ_DEV="$FW_DEV_WORLD" # e.g. "ippp0" or "$FW_DEV_WORLD"
FW_PROTECT_FROM_INTERNAL="no"
FW_AUTOPROTECT_GLOBAL_SERVICES="yes" # "yes" is a good choice
FW_SERVICES_EXTERNAL_TCP="smtp www ftp ssh" # Common: smtp domain
FW_SERVICES_EXTERNAL_UDP="ssh"
FW_SERVICES_EXTERNAL_IP="" # For VPN/Routing which END at the firewall!!
#
FW_SERVICES_DMZ_TCP="" # Common: smtp domain
FW_SERVICES_DMZ_UDP="" # Common: domain syslog
FW_SERVICES_DMZ_IP="" # For VPN/Routing which END at the firewall!!
#
FW_SERVICES_INTERNAL_TCP="1:65535"
FW_SERVICES_INTERNAL_UDP="1:65535"
FW_SERVICES_INTERNAL_IP="" # For VPN/Routing which END at the firewall!!
FW_TRUSTED_NETS=""
FW_SERVICES_TRUSTED_TCP="" # Common: ssh
FW_SERVICES_TRUSTED_UDP="" # Common: syslog time ntp
FW_SERVICES_TRUSTED_IP="" # For VPN/Routing which END at the firewall!!
FW_ALLOW_INCOMING_HIGHPORTS_TCP="ftp-data" # Common: "ftp-data" (sadly!)
FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS" # Common: "DNS" or "domain ntp"
FW_SERVICE_DNS="no"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="no"
FW_SERVICE_SAMBA="no"
FW_FORWARD_TCP="" # Beware to use this!
FW_FORWARD_UDP="" # Beware to use this!
FW_FORWARD_IP="" # Beware to use this!
FW_FORWARD_MASQ_TCP="" # Beware to use this!
FW_FORWARD_MASQ_UDP="" # Beware to use this!
FW_REDIRECT_TCP=""
FW_REDIRECT_UDP=""
FW_LOG_DENY_CRIT="no"
FW_LOG_DENY_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_KERNEL_SECURITY="yes"
FW_STOP_KEEP_ROUTING_STATE="no"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
##
# END of rc.firewall
##
-----Original Message-----
From: Bjoern Engels [mailto:bengels@lanworks.de]
Sent: Friday, 10. August 2001 10:06
To: suse-security@suse.com
Subject: Re: [suse-security] Firewall Logging (no CodeRed :-)
On Friday, 10. August 2001 10:01, Franziskus Scharpff wrote:
> .... Packet log: input DENY eth0 PROTO=* 192.168.1.* ....

The full log message and FW-configuration would be helpful.

Bjoern
On Friday, 10. August 2001 10:16, Franziskus Scharpff wrote:
> Aug 10 08:06:46 colossus kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.55:137 192.168.1.255:137 L=78 S=0x00 I=2645 F=0x0000 T=128 (#3)

Ok, these are UDP NetBIOS name service requests from outside, you'll find them in every firewall log I bet.

> FW_SERVICES_EXTERNAL_UDP="ssh"

You don't need this, ssh runs via tcp.

> FW_LOG_DENY_CRIT="no"
> FW_LOG_DENY_ALL="no"

Hmm, in my opinion the firewall shouldn't log, you're right. But it's some time ago when I used SuSEfirewall... Anyway you shouldn't worry about these packets, I have them in my logs, too... Maybe Marc Heuse or anybody else who knows the SuSEfirewall package better than me reads this thread and can tell you, why it's being logged ;)

Bjoern
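
For reading entries like the one discussed in this thread, here is a small parser that decodes ipchains "Packet log" lines and counts them per verdict, interface, protocol and service. It is an added example, not part of the original posts or of SuSEfirewall; the port table and the second and third sample lines are constructed.

```python
import re
from collections import Counter

# ipchains "Packet log" layout: chain, verdict, interface, IP protocol number,
# src, dst, L=length, S=TOS, I=IP ID, F=fragment field, T=TTL, (#n)=rule index.
PACKET_LOG = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<verdict>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>\S+) (?P<dst>\S+) "
    r"L=(?P<length>\d+) S=0x[0-9A-Fa-f]+ I=\d+ F=0x[0-9A-Fa-f]+ "
    r"T=(?P<ttl>\d+)(?P<syn> SYN)? \(#(?P<rule>\d+)\)"
)
PROTOCOLS = {1: "icmp", 6: "tcp", 17: "udp"}
# Small constructed lookup table, enough for the sample lines below.
SERVICES = {22: "ssh", 53: "domain", 137: "netbios-ns", 138: "netbios-dgm"}

def split_endpoint(text):
    # "addr:port"; tolerate an endpoint logged without a port.
    host, _, port = text.partition(":")
    return host, int(port) if port else None

def parse_packet_log(line):
    """Decode one ipchains log line into a dict, or return None."""
    m = PACKET_LOG.search(line)
    if m is None:
        return None
    src_ip, sport = split_endpoint(m["src"])
    dst_ip, dport = split_endpoint(m["dst"])
    proto = int(m["proto"])
    return {
        "chain": m["chain"], "verdict": m["verdict"], "iface": m["iface"],
        "proto": PROTOCOLS.get(proto, str(proto)),
        "src_ip": src_ip, "sport": sport, "dst_ip": dst_ip, "dport": dport,
        "service": SERVICES.get(dport, str(dport)),
        "length": int(m["length"]), "ttl": int(m["ttl"]),
        "syn": m["syn"] is not None, "rule": int(m["rule"]),
    }

def summarize(lines):
    """Count packets per (verdict, iface, proto, service) to expose log noise."""
    parsed = filter(None, map(parse_packet_log, lines))
    return Counter((p["verdict"], p["iface"], p["proto"], p["service"]) for p in parsed)

# First line is the one quoted in the thread; the other two are constructed.
SAMPLE = [
    "Aug 10 08:06:46 colossus kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.55:137 192.168.1.255:137 L=78 S=0x00 I=2645 F=0x0000 T=128 (#3)",
    "Aug 10 08:06:47 colossus kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.55:137 192.168.1.255:137 L=78 S=0x00 I=2646 F=0x0000 T=128 (#3)",
    "Aug 10 08:07:02 colossus kernel: Packet log: input DENY eth0 PROTO=6 192.168.1.60:1042 192.168.1.1:23 L=48 S=0x00 I=311 F=0x4000 T=128 SYN (#3)",
]
print(summarize(SAMPLE).most_common())
```
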