I had asked:

> > kernel: IP fw-in deny eth0 UDP 192.168.4.1:68 255.255.255.255:67 L=328
> > S=0x00 I=53838 F=0x0000 T=128
> 
> [...] Or should I filter them out with "grep -v" or such?

Thanks to a pointer from Dean Carpenter <[EMAIL PROTECTED]>, I found that
ipmasq had turned on logging for those types of messages.  "ipmasq -d"
listed two ipfwadm rules with "-o", so I edited the corresponding
/etc/ipmasq/rules (.def) files and saved them as .rul files (and
verified the changes by running "ipmasq -d" again).

And now I can spot those port scans again.  :-)

Tod
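An alternative to the "grep -v" idea in the quoted question, as an added example that is not part of the original message: a small Python filter that parses deny lines in the format quoted above, drops the DHCP client broadcasts (UDP port 68 to 255.255.255.255:67), and reports sources that were denied on several distinct destination ports. The sample log lines, the `min_ports` threshold and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Field layout taken from the log line quoted in the message above.
LINE_RE = re.compile(
    r"IP fw-(?P<chain>\w+) (?P<action>\w+) (?P<iface>\S+) (?P<proto>\S+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
)

def parse(line):
    """Return a dict of fields, or None for lines without addr:port pairs."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def is_dhcp_broadcast(rec):
    """True for the DHCP client broadcast shown in the quoted log line."""
    return (rec["proto"] == "UDP" and rec["sport"] == 68
            and rec["dst"] == "255.255.255.255" and rec["dport"] == 67)

def scan_candidates(lines, min_ports=3):
    """Map source address -> sorted denied destination ports, noise removed."""
    ports = defaultdict(set)
    for line in lines:
        rec = parse(line)
        if rec is None or rec["action"] != "deny" or is_dhcp_broadcast(rec):
            continue
        ports[rec["src"]].add(rec["dport"])
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}

# Constructed sample input (documentation address ranges), not real log data.
SAMPLE = [
    "kernel: IP fw-in deny eth0 UDP 192.168.4.1:68 255.255.255.255:67 L=328 S=0x00 I=53838 F=0x0000 T=128",
    "kernel: IP fw-in deny eth0 TCP 203.0.113.9:1042 192.168.4.2:21 L=44 S=0x00 I=4711 F=0x0000 T=52",
    "kernel: IP fw-in deny eth0 TCP 203.0.113.9:1043 192.168.4.2:23 L=44 S=0x00 I=4712 F=0x0000 T=52",
    "kernel: IP fw-in deny eth0 TCP 203.0.113.9:1044 192.168.4.2:25 L=44 S=0x00 I=4713 F=0x0000 T=52",
    "kernel: IP fw-in deny eth0 TCP 203.0.113.9:1045 192.168.4.2:80 L=44 S=0x00 I=4714 F=0x0000 T=52",
    "kernel: IP fw-in deny eth0 UDP 192.168.4.1:68 255.255.255.255:67 L=328 S=0x00 I=53839 F=0x0000 T=128",
    "kernel: IP fw-in deny eth0 TCP 198.51.100.7:2001 192.168.4.2:113 L=44 S=0x00 I=99 F=0x0000 T=60",
]

if __name__ == "__main__":
    for src, dports in scan_candidates(SAMPLE).items():
        print(f"{src} denied on ports {dports}")
```

Unlike the rule change described in the message, this leaves the DHCP denies in the log and only hides them at review time.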
