Hi, I have a bunch of rejects in my logs like this, and wanted to make sure my domain rules were correct:
[24280.792629] Shorewall:ext2fw:REJECT:IN=br0 OUT= MAC=14:da:e9:97:ab:71:00:21:a0:75:e3:12:08:00 SRC=118.97.104.210 DST=68.XXX.YYY.44 LEN=75 TOS=0x00 PREC=0x00 TTL=114 ID=32855 PROTO=UDP SPT=179 DPT=53 LEN=55 I have the following rules for DNS for the 68.XXX.YYY.44 ($FW) server: ACCEPT ext $FW tcp domain 53 ACCEPT ext $FW tcp domain 1024: ACCEPT ext $FW udp domain 1024: Is that correct? I don't believe there should be requests arriving on UDP ports below 1024, correct? Any ideas for the correct domain entries would be greatly appreciated. Thanks, Alex ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2d-oct _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
