Hi,

I'm using the suse firewall 2.1-5 on SuSE 6.4, Kernel 2.2.16. I have disabled all incoming packets except DNS, xntp. Watching the firewall-log, there are a lot of DENYs the whole day. But since a few days sometimes packets are accepted from ip-addresses I don't know, as shown below.

Apr 8 23:41:09 linux3 kernel: Packet log: input ACCEPT ippp1 PROTO=1 62.224.186.168:8 217.2.57.22:0 L=36 S=0x00 I=60136 F=0x0000 T=123 (#20)

What does this say? Is it needed to change some firewall rules?

Thanks in advance,
Franz

Apr 8 23:41:09 linux3 kernel: Packet log: input ACCEPT ippp1 PROTO=1 62.224.186.168:8 217.2.57.22:0 L=36 S=0x00 I=60136 F=0x0000 T=123 (#20)
What does this say? Is it needed to change some firewall rules?
That means you are being pinged - PROTO=1 is ICMP, the "ports" you see aren't ports, they mean ICMP type 8, code 0 (echo request).

If you want to allow other hosts to ping you, it's okay, if not try a

    ipchains -A input -i <ext_interface> -p icmp --icmp-type echo-request -l -j DENY

Blocking all ICMP traffic is not a good idea, you wouldn't receive stuff like destination-unreachable and so on.

----------------------------------
E-Mail: Bjoern Engels <bengels@lanworks.de>
Date: 09-Apr-01
Time: 10:05:33

This message was sent by XFMail
----------------------------------
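
How the log line from the question decodes, as an added example that is not part of the original posts: a small Python parser for ipchains packet-log lines that reads the two "port" slots as ICMP type and code when PROTO=1. The function names and the second and third sample lines are constructed for illustration; the field layout assumed is the one described in the IPCHAINS-HOWTO.

```python
import re

# ipchains (Linux 2.2) log layout as described in the IPCHAINS-HOWTO: chain, target,
# interface, PROTO, src:port, dst:port, L=length, S=TOS, I=IP id, F=frag, T=TTL,
# an optional SYN marker for TCP, and (#rule number).
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=0x[0-9A-Fa-f]+ I=\d+ F=0x[0-9A-Fa-f]+ T=(?P<ttl>\d+)"
    r"(?P<syn> SYN)? \(#(?P<rule>\d+)\)")
PROTOCOLS = {1: "icmp", 6: "tcp", 17: "udp"}
# A few ICMP types from RFC 792; unknown types fall back to "type-N".
ICMP_TYPES = {0: "echo-reply", 3: "destination-unreachable", 5: "redirect",
              8: "echo-request", 11: "time-exceeded"}

def parse_packet_log(line):
    """Decode one ipchains 'Packet log:' line into a dict, or None if it does not match."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    proto = int(m["proto"])
    rec = {"chain": m["chain"], "target": m["target"], "iface": m["iface"],
           "proto": PROTOCOLS.get(proto, str(proto)), "src": m["src"], "dst": m["dst"],
           "length": int(m["length"]), "ttl": int(m["ttl"]), "rule": int(m["rule"])}
    if proto == 1:
        # For ICMP the two "port" slots carry the type (source side) and code (dest side).
        rec["icmp_type"], rec["icmp_code"] = int(m["sport"]), int(m["dport"])
        rec["icmp_name"] = ICMP_TYPES.get(rec["icmp_type"], "type-%d" % rec["icmp_type"])
    else:
        rec["sport"], rec["dport"] = int(m["sport"]), int(m["dport"])
        rec["syn"] = m["syn"] is not None
    return rec

def accepted_echo_requests(lines):
    """Return records for ICMP echo requests that the input chain ACCEPTed."""
    recs = (parse_packet_log(line) for line in lines)
    return [r for r in recs if r and r["chain"] == "input" and r["target"] == "ACCEPT"
            and r.get("icmp_name") == "echo-request"]

# First line is the one quoted in the thread; the other two are constructed samples.
SAMPLE = [
    "Apr 8 23:41:09 linux3 kernel: Packet log: input ACCEPT ippp1 PROTO=1 62.224.186.168:8 217.2.57.22:0 L=36 S=0x00 I=60136 F=0x0000 T=123 (#20)",
    "Apr 8 23:44:51 linux3 kernel: Packet log: input DENY ippp1 PROTO=6 192.0.2.10:1042 198.51.100.7:23 L=60 S=0x00 I=4711 F=0x4000 T=52 SYN (#31)",
    "Apr 8 23:47:12 linux3 kernel: Packet log: input ACCEPT ippp1 PROTO=1 192.0.2.10:3 198.51.100.7:1 L=56 S=0x00 I=100 F=0x0000 T=60 (#20)",
]

if __name__ == "__main__":
    for rec in accepted_echo_requests(SAMPLE):
        print(rec["src"], "->", rec["dst"], rec["icmp_name"], "rule", rec["rule"])
```
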
participants (2)
- Bjoern Engels
- Franz Pfisterer