The only thing currently behind the firewall is an NT4 box for testing purposes. I checked it under control panel > services for SNMP but there wasn't anything listed.> Feb 4 17:29:52 Nimrod kernel: Packet log: input REJECT eth1 PROTO=17 > 10.10.10.2:4813 10.0.0.14:161 L=84 S=0x00 I=58236 F=0x0000 T=128 (#39) This is a machine broadcasting/requesting SNMP service. Are one of your boxes managing the ouside router or being polled for SNMP info?
> Feb 4 17:30:11 Nimrod kernel: Packet log: input DENY eth0 PROTO=17I added: SILENT_DENY="17_192.168.1.1_520" to network.conf and that seemed to stop it from being logged. Is this "fix" okay to do?
> 192.168.1.1:520 192.168.1.255:520 L=72 S=0x00 I=14429 F=0x0000 T=48 (#38)
> Feb 4 17:30:37 Nimrod kernel: Packet log: input DENY eth0 PROTO=17
This is the RIP routing protocol.
[snipped info.] RIP is harmless to you since it's blocked and the concern with SNMP on
your internal machine lies in why it's running SNMP (and to where???).
To stop logging these packets, find (all) the applicable places where these
are DENY'ed are get rid of the "-l" (for logging) in the rule(s).
I tried: SILENT_DENY="17_10.10.10.2_161" but it didn't seem to do anything. Lynn's suggestion above is asking me to edit the ipfilters.conf file, right?
Also, I'm now getting the following message in my logs that I wasn't getting before (at least I didn't notice them before):
input DENY eth0 PROTO=17 0.0.0.0:68 255.255.255.255:67 L=338 S=0x00 I=0 F=0x0000 T=128 (#5)
-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
