The 02.12.08 at 04:03, Jeric wrote:
In my firewall logs (/var/log/messages), generated by SuSEfirewall2 in SuSE 8.1, I will get two identical lines, both time stamped the same second and everything, except the first one is ACCEPT, and the second one is DENY. Has anyone seen this and know what causes this, or how to fix it? The packets in question should be denied. I don't have anything complex set up on the firewall (i.e. no masq, routing, dmz, etc. are set up). I don't understand how two similar packets (if not the same packets) are being both accepted and denied; this shouldn't be.
Yes, I mentioned that the other day. I'm thinking that it could be the same packet, allowed entry, and then dropped because there is no handler for it (no daemon listening).

Dec 8 20:27:56 nimrodel kernel: SuSE-FW-ACCEPT IN=ppp0 OUT= MAC= SRC=193.152.43.8 DST=193.152.137.135 LEN=44 TOS=0x00 PREC=0x00 TTL=252 ID=48243 DF PROTO=TCP SPT=37021 DPT=5327 WINDOW=8760 RES=0x00 SYN URGP=0 OPT (020405B4)
Dec 8 20:27:56 nimrodel kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC= SRC=193.152.43.8 DST=193.152.137.135 LEN=44 TOS=0x00 PREC=0x00 TTL=252 ID=48243 DF PROTO=TCP SPT=37021 DPT=5327 WINDOW=8760 RES=0x00 SYN URGP=0 OPT (020405B4)

--
Cheers,
Carlos Robinson
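
One way to check whether such paired entries describe a single packet, as an added example that is not part of either poster's message: group SuSEfirewall2 log lines by timestamp and packet header fields, and report any packet logged under more than one SuSE-FW prefix. The function names and the choice of key fields are assumptions made for this sketch.

```python
import re
from collections import defaultdict

# First two lines are the entries quoted in the thread; the third is constructed.
SAMPLE = [
    "Dec 8 20:27:56 nimrodel kernel: SuSE-FW-ACCEPT IN=ppp0 OUT= MAC= SRC=193.152.43.8 DST=193.152.137.135 LEN=44 TOS=0x00 PREC=0x00 TTL=252 ID=48243 DF PROTO=TCP SPT=37021 DPT=5327 WINDOW=8760 RES=0x00 SYN URGP=0 OPT (020405B4)",
    "Dec 8 20:27:56 nimrodel kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC= SRC=193.152.43.8 DST=193.152.137.135 LEN=44 TOS=0x00 PREC=0x00 TTL=252 ID=48243 DF PROTO=TCP SPT=37021 DPT=5327 WINDOW=8760 RES=0x00 SYN URGP=0 OPT (020405B4)",
    "Dec 8 20:28:10 nimrodel kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=193.152.137.135 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=1201 DF PROTO=TCP SPT=40000 DPT=135 WINDOW=8192 RES=0x00 SYN URGP=0",
]

# "<Mon> <day> <time> <host> kernel: SuSE-FW-<VERDICT> KEY=VAL ..."
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\skernel:\s"
    r"(?P<prefix>SuSE-FW-[A-Z-]+)\s(?P<rest>.*)$"
)
# Header fields that, together with the timestamp, identify one packet.
KEY_FIELDS = ("IN", "SRC", "DST", "PROTO", "SPT", "DPT", "ID", "LEN", "TTL")


def parse(line):
    """Return (packet_key, log_prefix), or None for non-firewall lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(re.findall(r"(\w+)=(\S*)", m["rest"]))
    key = (m["ts"], m["host"]) + tuple(fields.get(k, "") for k in KEY_FIELDS)
    return key, m["prefix"]


def conflicting_verdicts(lines):
    """Map packet_key -> prefixes, for packets logged under 2+ prefixes."""
    seen = defaultdict(list)
    for line in lines:
        parsed = parse(line)
        if parsed:
            key, prefix = parsed
            if prefix not in seen[key]:
                seen[key].append(prefix)
    return {k: v for k, v in seen.items() if len(v) > 1}


if __name__ == "__main__":
    for key, prefixes in conflicting_verdicts(SAMPLE).items():
        # key[0] is the timestamp, key[8] the IP ID field
        print(key[0], "ID=" + key[8], "logged as:", ", ".join(prefixes))
```

Identical ID, ports and timestamp under two prefixes point to one packet matching two logging rules rather than two separate packets.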