Re: [Shorewall-users] why do I have requests from inside apache server with source ports 80 and 443

Christophe PEREZ Thu, 26 Oct 2023 20:15:54 -0700

Le Thu, 26 Oct 2023 22:01:19 -0000 (UTC), Christophe PEREZ a écrit :

> Do I need to add ":$LOG_LEVEL" as:
> REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP),dropInvalid:$LOG_LEVEL"
> ?


Not better:

Oct 27 02:19:26 myserver kernel: [1647881.795002] fw-net DROP IN= OUT=eth0 
SRC=myserverip DST=XXX.XXX.XXX.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF 
PROTO=TCP SPT=443 DPT=45969 WINDOW=0 RES=0x00 RST URGP=0 
Oct 27 02:39:19 myserver kernel: [1649074.651136] fw-net DROP IN= OUT=eth0 
SRC=myserverip DST=XXX.XXX.XXX.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF 
PROTO=TCP SPT=80 DPT=24267 WINDOW=0 RES=0x00 RST URGP=0 
Oct 27 02:39:23 myserver kernel: [1649078.683137] fw-net DROP IN= OUT=eth0 
SRC=myserverip DST=XXX.XXX.XXX.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF 
PROTO=TCP SPT=80 DPT=24267 WINDOW=0 RES=0x00 RST URGP=0 
Oct 27 02:39:34 myserver kernel: [1649089.690784] fw-net DROP IN= OUT=eth0 
SRC=myserverip DST=XXX.XXX.XXX.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF 
PROTO=TCP SPT=80 DPT=62843 WINDOW=0 RES=0x00 RST URGP=0 
Oct 27 02:39:38 myserver kernel: [1649094.298718] fw-net DROP IN= OUT=eth0 
SRC=myserverip DST=XXX.XXX.XXX.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF 
PROTO=TCP SPT=80 DPT=62344 WINDOW=0 RES=0x00 RST URGP=0 
Oct 27 02:39:43 myserver kernel: [1649099.489891] fw-net DROP IN= OUT=eth0 
SRC=myserverip DST=XXX.XXX.XXX.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF 
PROTO=TCP SPT=80 DPT=32503 WINDOW=0 RES=0x00 RST URGP=0 
Oct 27 02:39:49 myserver kernel: [1649104.602563] fw-net DROP IN= OUT=eth0 
SRC=myserverip DST=XXX.XXX.XXX.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF 
PROTO=TCP SPT=80 DPT=40049 WINDOW=0 RES=0x00 RST URGP=0 
Oct 27 02:39:54 myserver kernel: [1649109.658463] fw-net DROP IN= OUT=eth0 
SRC=myserverip DST=XXX.XXX.XXX.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF 
PROTO=TCP SPT=80 DPT=615 WINDOW=0 RES=0x00 RST URGP=0 
Oct 27 02:40:12 myserver kernel: [1649127.577840] fw-net DROP IN= OUT=eth0 
SRC=myserverip DST=XXX.XXX.XXX.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF 
PROTO=TCP SPT=80 DPT=18660 WINDOW=0 RES=0x00 RST URGP=0 
Oct 27 02:40:34 myserver kernel: [1649149.593813] fw-net DROP IN= OUT=eth0 
SRC=myserverip DST=XXX.XXX.XXX.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF 
PROTO=TCP SPT=80 DPT=20117 WINDOW=0 RES=0x00 RST URGP=0 
Oct 27 04:38:26 myserver kernel: [1656222.112096] fw-net DROP IN= OUT=eth0 
SRC=myserverip DST=XXX.XXX.XXX.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF 
PROTO=TCP SPT=443 DPT=56497 WINDOW=0 RES=0x00 RST URGP=0 
Oct 27 04:53:42 myserver kernel: [1657137.490097] fw-net DROP IN= OUT=eth0 
SRC=myserverip DST=XXX.XXX.XXX.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF 
PROTO=TCP SPT=443 DPT=35623 WINDOW=0 RES=0x00 RST URGP=0 
Oct 27 05:08:44 myserver kernel: [1658040.313037] fw-net DROP IN= OUT=eth0 
SRC=myserverip DST=XXX.XXX.XXX.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF 
PROTO=TCP SPT=443 DPT=40715 WINDOW=0 RES=0x00 RST URGP=0



_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Re: [Shorewall-users] why do I have requests from inside apache server with source ports 80 and 443

Reply via email to