Here it is:

Log:
Aug 10 08:06:46 colossus kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.55:137 192.168.1.255:137 L=78 S=0x00 I=2645 F=0x0000 T=128 (#3)

Here is my (shortened) firewall.rc.config:

FW_DEV_WORLD="eth0"
FW_DEV_INT="eth1"
FW_DEV_DMZ=""
FW_ROUTE="no"
FW_MASQUERADE="no"
FW_MASQ_NETS=""
FW_MASQ_DEV="$FW_DEV_WORLD" # e.g. "ippp0" or "$FW_DEV_WORLD"
FW_PROTECT_FROM_INTERNAL="no"
FW_AUTOPROTECT_GLOBAL_SERVICES="yes" # "yes" is a good choice
FW_SERVICES_EXTERNAL_TCP="smtp www ftp ssh" # Common: smtp domain
FW_SERVICES_EXTERNAL_UDP="ssh"
FW_SERVICES_EXTERNAL_IP="" # For VPN/Routing which END at the firewall!!
#
FW_SERVICES_DMZ_TCP="" # Common: smtp domain
FW_SERVICES_DMZ_UDP="" # Common: domain syslog
FW_SERVICES_DMZ_IP="" # For VPN/Routing which END at the firewall!!
#
FW_SERVICES_INTERNAL_TCP="1:65535"
FW_SERVICES_INTERNAL_UDP="1:65535"
FW_SERVICES_INTERNAL_IP="" # For VPN/Routing which END at the firewall!!
FW_TRUSTED_NETS=""
FW_SERVICES_TRUSTED_TCP="" # Common: ssh
FW_SERVICES_TRUSTED_UDP="" # Common: syslog time ntp
FW_SERVICES_TRUSTED_IP="" # For VPN/Routing which END at the firewall!!
FW_ALLOW_INCOMING_HIGHPORTS_TCP="ftp-data" # Common: "ftp-data" (sadly!)
FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS" # Common: "DNS" or "domain ntp"
FW_SERVICE_DNS="no"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="no"
FW_SERVICE_SAMBA="no"
FW_FORWARD_TCP="" # Beware to use this!
FW_FORWARD_UDP="" # Beware to use this!
FW_FORWARD_IP="" # Beware to use this!
FW_FORWARD_MASQ_TCP="" # Beware to use this!
FW_FORWARD_MASQ_UDP="" # Beware to use this!
FW_REDIRECT_TCP=""
FW_REDIRECT_UDP=""
FW_LOG_DENY_CRIT="no"
FW_LOG_DENY_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_KERNEL_SECURITY="yes"
FW_STOP_KEEP_ROUTING_STATE="no"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
##
# END of rc.firewall
##

-----Original Message-----
From: Bjoern Engels [mailto:bengels@lanworks.de]
Sent: Friday, 10. August 2001 10:06
To: suse-security@suse.com
Subject: Re: [suse-security] Firewall Logging (no CodeRed :-)

On Friday, 10. August 2001 10:01, Franziskus Scharpff wrote:
.... Packet log: input DENY eth0 PROTO=* 192.168.1.* ....
The full log message and FW-configuration would be helpful.
Bjoern