It's quite normal to see some of this. Packets are marked invalid by the netfilter conntrack subsystem. Vuurmuur drops these by default.
http://eeek.borgchat.net/lists/netfilter/msg44838.html says about invalid packets:

"In the "Packet Filtering HOWTO" of netfilter.org, they say: A packet which could not be identified for some reason: this includes running out of memory and ICMP errors which don't correspond to any known connection. By looking to the code, I would say, that a packet is invalid, if the connection tracker doesn't manage to create a proper connection-state for that packet (memory-errors while treating the packet, ...), or the tests defined by the specific protocol-handlers fail."

In general it should be safe to drop these.

Cheers,
Victor

Michael Drons wrote:
> Why do I get an INVALID entry in my logfile? It is the 3rd entry in the
> messages. What does INVALID mean? The firewall dropped the packet, correct?
>
> Thanks, Mike
>
> Jun 8 06:51:44 mdrons kernel: vrmr: ACCEPT HTTP2 IN=eth1 OUT=eth0
> SRC=10.100.10.26 DST=72.14.204.102 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=22037
> DF PROTO=TCP SPT=39007 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 OPT
> (020405B40402080A00061C6A0000000001030301)
> Jun 8 06:51:44 mdrons kernel: vrmr: SNAT HTTP1 IN= OUT=eth0 SRC=10.100.10.26
> DST=72.14.204.102 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=22037 DF PROTO=TCP
> SPT=39007 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 OPT
> (020405B40402080A00061C6A0000000001030301)
> Jun 8 06:51:54 mdrons kernel: vrmr: DROP fw INVALID IN=eth1 OUT=eth0
> SRC=10.100.10.26 DST=98.138.31.75 LEN=89 TOS=0x00 PREC=0x00 TTL=63 ID=60040
> DF PROTO=TCP SPT=36253 DPT=993 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 OPT
> (0101080A00062045D2A2EFFB)
> Jun 8 06:51:55 mdrons kernel: vrmr: ACCEPT DNS3 IN=eth1 OUT=eth0
> SRC=10.100.10.26 DST=192.168.1.1 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=8357 DF
> PROTO=UDP SPT=29531 DPT=53 LEN=44
> Jun 8 06:51:55 mdrons kernel: vrmr: SNAT DNS2 IN= OUT=eth0 SRC=10.100.10.26
> DST=192.168.1.1 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=8357 DF PROTO=UDP
> SPT=29531 DPT=53 LEN=44
_______________________________________________
Vuurmuur-users mailing list
https://lists.sourceforge.net/lists/listinfo/vuurmuur-users
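For anyone triaging these entries in bulk, here is an added example (not part of the original message and not Vuurmuur's own code) that parses `vrmr:` kernel log lines in the format quoted above and tallies the INVALID drops per flow. The sample lines are abbreviated and partly constructed, and the "teardown" label is an assumed heuristic: an INVALID packet carrying FIN or RST is commonly a late packet for a connection conntrack has already expired.

```python
import re
from collections import Counter

# Sample input: lines 1-2 abbreviated from the quoted log, lines 3-4 constructed.
SAMPLE = """\
Jun  8 06:51:44 mdrons kernel: vrmr: ACCEPT HTTP2 IN=eth1 OUT=eth0 SRC=10.100.10.26 DST=72.14.204.102 LEN=60 TTL=63 DF PROTO=TCP SPT=39007 DPT=443 SYN URGP=0
Jun  8 06:51:54 mdrons kernel: vrmr: DROP fw INVALID IN=eth1 OUT=eth0 SRC=10.100.10.26 DST=98.138.31.75 LEN=89 TTL=63 DF PROTO=TCP SPT=36253 DPT=993 ACK PSH FIN URGP=0
Jun  8 06:52:10 mdrons kernel: vrmr: DROP fw INVALID IN=eth1 OUT=eth0 SRC=10.100.10.26 DST=98.138.31.75 LEN=40 TTL=63 DF PROTO=TCP SPT=36253 DPT=993 RST URGP=0
Jun  8 06:52:30 mdrons kernel: vrmr: DROP fw INVALID IN=eth0 OUT=eth1 SRC=203.0.113.9 DST=10.100.10.26 LEN=40 TTL=51 PROTO=TCP SPT=80 DPT=5555 ACK URGP=0
"""

# "vrmr: <action> <rule label> IN=..." ; the label may contain spaces ("fw INVALID").
LINE_RE = re.compile(r"vrmr: (?P<action>\S+) (?P<label>.*?) (?=IN=)(?P<rest>.*)$")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "CWR", "ECE"}

def parse(line):
    """Return a dict for one vrmr log line, or None if it is not one."""
    m = LINE_RE.search(line)
    if not m:
        return None
    tokens = m.group("rest").split()
    rec = {"action": m.group("action"), "label": m.group("label")}
    rec.update(t.split("=", 1) for t in tokens if "=" in t)   # KEY=VALUE fields
    rec["flags"] = tuple(t for t in tokens if t in TCP_FLAGS)  # bare flag words
    return rec

def invalid_summary(text):
    """Count INVALID drops per (src, dst, dport, kind)."""
    flows = Counter()
    for line in text.splitlines():
        rec = parse(line)
        if rec and rec["action"] == "DROP" and "INVALID" in rec["label"].split():
            # Assumed heuristic: FIN/RST suggests a late teardown packet;
            # anything else is left as "other" for a closer look.
            kind = "teardown" if {"FIN", "RST"} & set(rec["flags"]) else "other"
            flows[(rec["SRC"], rec["DST"], rec.get("DPT", "-"), kind)] += 1
    return flows

if __name__ == "__main__":
    for flow, count in invalid_summary(SAMPLE).most_common():
        print(count, *flow)
```
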
