Tom Eastep wrote: >> I'm running CentOS-6.3 with shorewall (and fail2ban), >> accessing the internet through a Billion router/modem. >> >> I've noticed recently a large number of logwatch entries like >> ------------------------------------ >> Dropped 4177 packets on interface eth0 >> From 1.0.159.111 - 2 packets to udp(51001) >> ------------------------------------ >> all targeting port 51001 (from many different IP addresses). >> >> I haven't explicitly opened this port on the router, >> nor is it mentioned in my shorewall rules. >> >> I would have thought this packet would be unable >> to get through the router? >> Or are UDP packets usually treated differently to TCP packets? > > Assuming that logwatch is running on your Shorewall router, this simply > indicates that the packets are being dropped and logged.
Sorry, I should have said that shorewall is _not_ running on the Billion router/modem , but on a CentOS server attached to the modem. So what puzzles - or I should say, surprises - me is that the UDP packets get through the router/modem, and are logged by the computer. But I guess this is a problem between me and Billion, and has nothing to do with shorewall. -- Timothy Murphy e-mail: gayleard /at/ eircom.net tel: +353-86-2336090, +353-1-2842366 s-mail: School of Mathematics, Trinity College Dublin ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
