David Kramer <[EMAIL PROTECTED]> wrote:
>
> I know they're written by inetd/tcp wrappers, but none of the man pages
> seem to have the format of the output.

No, they are produced by the firewall code within the kernel itself.
See the part that says "kernel:"? These will show up in your "dmesg"
output as well.

> Sep 21 23:23:51 kramer kernel: IP fw-in deny eth0 UDP 192.168.1.100:520
> 192.168.1.255:520 L=52 S=0x00 I=64 F=0x0000 T=31

I think I found the source of these lines, in
/usr/src/linux/net/ipv4/ip_fw.c.

It's telling you that one of your firewall input rules denied a packet
from being forwarded to eth0. It was a UDP packet, with source and
destinations as you see them. The "L=52" is the packet length.
"S=0x00" is the "type of service" flag. "I=64" is the internet protocol
ID, which I'm not familiar with. "F=" is the fragment offset. "T=" is
the TTL, or hop-count of the packet.

Most of it is not terribly useful information, except for the source/
destination information.

> The firewall properly denied them, but I would like to know what's
> going on. The scary part is that I have no .100 machine (although I
> am using 192.168.1.x for my internal machines), so these are prolly
> being broadcasted from someone else's box which is set up wrong.

Sounds about right.

> Can that be? Doesn't M1X block those ranges?

I don't know what an M1X is, sorry.

--
[EMAIL PROTECTED] (Fuzzy Fox) || "Nothing takes the taste out of peanut
sometimes known as David DeSimone || butter quite like unrequited love."
http://www.dallas.net/~fox/ || -- Charlie Brown
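
Added example, not part of the original message or of the kernel source: a Python parser for the log line quoted above, using the field meanings given in the reply, plus a small triage check for the situation described (a source inside the LAN range that matches no known machine). The /24 subnet, the host inventory and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Pattern for the line format quoted in the message; field names follow the
# reply's reading of L=, S=, I=, F= and T=.
FW_LINE = re.compile(
    r"kernel: IP (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) (?P<proto>\S+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)"
)

def parse_fw_line(line):
    """Return a dict of decoded fields, or None if the line does not match."""
    m = FW_LINE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "length", "ip_id", "ttl"):
        rec[key] = int(rec[key])
    for key in ("tos", "frag"):
        rec[key] = int(rec[key], 16)
    rec["src"] = ipaddress.ip_address(rec["src"])
    rec["dst"] = ipaddress.ip_address(rec["dst"])
    return rec

def triage(rec, lan, known_hosts):
    """Notes on a denied packet, given the local subnet and host inventory."""
    notes = []
    if rec["src"] in lan and rec["src"] not in known_hosts:
        notes.append("source is inside the LAN range but not a known host")
    if rec["dst"] == lan.broadcast_address:
        notes.append("destination is the LAN broadcast address")
    return notes

# Log line from the message, rejoined onto one line.
SAMPLE = ("Sep 21 23:23:51 kramer kernel: IP fw-in deny eth0 UDP "
          "192.168.1.100:520 192.168.1.255:520 L=52 S=0x00 I=64 F=0x0000 T=31")
# Assumed for illustration: a /24 LAN and a constructed host inventory.
LAN = ipaddress.ip_network("192.168.1.0/24")
KNOWN_HOSTS = {ipaddress.ip_address("192.168.1.1"),
               ipaddress.ip_address("192.168.1.2")}

if __name__ == "__main__":
    record = parse_fw_line(SAMPLE)
    print(record)
    for note in triage(record, LAN, KNOWN_HOSTS):
        print("note:", note)
```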