I'm pretty sure that the firewall is merely doing its job and I've got nothing to worry about, but just how to interpret the log messages here. Heh.
Yup. The firewall's doing its job.
What's the best way for me to learn this stuff? Thanks again!
Ask questions and start absorbing information! Specifically regarding log messages like the following, start with the protocol & port numbers, and look up the services in a reference (anything from /etc/services to the mountains of RFCs... sounds like you already found a couple places to check this online) to see what they are. If you don't know what a service is, start reading up on that to your heart's content.
Nov 16 06:42:04 firewall syslogd 1.3-3#31.slink1: restart.
Nov 16 06:43:35 firewall kernel: Packet log: input DENY eth0 PROTO=17 10.215.128.1:67 255.255.255.255:68 L=333 S=0x00 I=25419 F=0x0000 T=255 (#8)
Nov 16 06:43:35 firewall kernel: Packet log: input DENY eth0 PROTO=17 10.215.128.1:67 255.255.255.255:68 L=343 S=0x00 I=25421 F=0x0000 T=255 (#8)
Nov 16 06:45:56 firewall kernel: Packet log: input DENY eth0 PROTO=17 172.29.78.1:67 255.255.255.255:68 L=363 S=0x00 I=25537 F=0x0000 T=255 (#9)
Nov 16 06:45:56 firewall kernel: Packet log: input DENY eth0 PROTO=17 10.215.128.1:67 255.255.255.255:68 L=363 S=0x00 I=25539 F=0x0000 T=255 (#8)
Nov 16 06:46:43 firewall kernel: Packet log: input DENY eth0 PROTO=17 10.207.5.1:67 255.255.255.255:68 L=363 S=0x00 I=25571 F=0x0000 T=255 (#8)
These are all DHCP response packets. The DHCP servers (at least 3 different systems) are all on private IP space, sending responses to the broadcast (all 1's, or 255.255.255.255) IP address (since a dynamic client doesn't have an IP address, it talks to the DHCP server with broadcast packets).
Since you're on a cable modem, you're probably seeing traffic from 'neighbors' (could be quite far away, depending on your cable system's network architecture). Windows boxes have a nasty habit of sending broadcast traffic out *ALL* interfaces, so if anyone on the same cable-modem network segment as yourself is running a 'doze box as a firewall and DHCP server, you'll see the sort of traffic you list above.
The firewall rules are blocking the traffic because of the private IP source address.
-- Charles Steinkuehler [EMAIL PROTECTED]
leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
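An added example, not part of the original message: a small parser that applies the "start with the protocol & port numbers" advice to the packet-log lines quoted above, then flags private (RFC 1918) sources and broadcast destinations. The function names and the inline protocol/service tables are assumptions standing in for /etc/protocols and /etc/services.

```python
import ipaddress
import re
from collections import Counter

# Field layout of the "Packet log" lines quoted in the message above.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) .*?T=(?P<ttl>\d+) \(#(?P<rule>\d+)\)"
)
# Inline stand-ins for /etc/protocols and /etc/services (assumption: enough for this sample).
PROTOCOLS = {1: "icmp", 6: "tcp", 17: "udp"}
SERVICES = {("udp", 67): "bootps", ("udp", 68): "bootpc"}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
BROADCAST = ipaddress.ip_address("255.255.255.255")

def parse(line):
    """Return a dict describing one packet-log line, or None if it is not one."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    proto = PROTOCOLS.get(int(m["proto"]), m["proto"])
    src, dst = ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])
    sport, dport = int(m["sport"]), int(m["dport"])
    return {
        "action": m["action"], "iface": m["iface"], "rule": int(m["rule"]),
        "proto": proto, "src": str(src), "dst": str(dst),
        "src_service": SERVICES.get((proto, sport), str(sport)),
        "dst_service": SERVICES.get((proto, dport), str(dport)),
        "private_src": any(src in net for net in RFC1918),
        "broadcast_dst": dst == BROADCAST,
    }

def summarize(lines):
    """Count denied packets per (source, source service, rule number)."""
    hits = Counter()
    for rec in filter(None, map(parse, lines)):
        if rec["action"] == "DENY":
            hits[(rec["src"], rec["src_service"], rec["rule"])] += 1
    return hits

# Lines taken from the log in the message above, one entry per line.
SAMPLE = [
    "Nov 16 06:42:04 firewall syslogd 1.3-3#31.slink1: restart.",
    "Nov 16 06:43:35 firewall kernel: Packet log: input DENY eth0 PROTO=17 10.215.128.1:67 255.255.255.255:68 L=333 S=0x00 I=25419 F=0x0000 T=255 (#8)",
    "Nov 16 06:45:56 firewall kernel: Packet log: input DENY eth0 PROTO=17 172.29.78.1:67 255.255.255.255:68 L=363 S=0x00 I=25537 F=0x0000 T=255 (#9)",
    "Nov 16 06:45:56 firewall kernel: Packet log: input DENY eth0 PROTO=17 10.215.128.1:67 255.255.255.255:68 L=363 S=0x00 I=25539 F=0x0000 T=255 (#8)",
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, *key)
```
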
