
IPF Logs

  • 09-01-2003 8:26am
    #1
    Registered Users, Registered Users 2 Posts: 326 ✭✭


    Just recently I implemented the following ipf ruleset:

    block in log on tun0 all
    block out on tun0 all
    pass out quick on tun0 proto icmp from any to any keep state
    pass out quick on tun0 proto tcp/udp from any to any keep state
    pass in quick on tun0 proto tcp from any to any port = 21 flags S keep state
    pass in quick on tun0 proto tcp from any to any port = 22 flags S keep state
    pass in quick on tun0 proto tcp from any to any port = 80 flags S keep state
    pass in quick on lo0 from 127.0.0.1/32 to 127.0.0.1/32
    pass out quick on lo0 from 127.0.0.1/32 to 127.0.0.1/32
    pass out quick on xl0 from 192.168.0.1/32 to 192.168.0.1/24
    pass in quick on xl0 from 192.168.0.1/24 to 192.168.0.1/32

    I issued the following command before dialing up:
    ipf -FA -f /etc/ipf.conf

    Soon after I dialed up my logs started to fill up with the following:

    08/01/2003 21:14:57.379036 STATE:NEW p75-30.as1.dbn.dublin.eircom.net[159.134.75.30],2182 -> dns1.te.net[159.134.248.17],53 PR udp
    08/01/2003 21:14:57.514399 STATE:NEW p75-30.as1.dbn.dublin.eircom.net[159.134.75.30],2183 -> dns1.te.net[159.134.248.17],53 PR udp
    08/01/2003 21:14:57.645312 STATE:NEW p75-30.as1.dbn.dublin.eircom.net[159.134.75.30],2184 -> dns1.te.net[159.134.248.17],53 PR udp

    Why are my logs filling up with this?


Comments

  • Registered Users, Registered Users 2 Posts: 6,265 ✭✭✭MiCr0


    it seems to be port 53 udp

    have a look here

    http://isc.incidents.org/port_details.html?port=53

    are you having dns resolving issues?


  • Closed Accounts Posts: 6,601 ✭✭✭Kali


    Aye.. that's just a dns server responding to your requests for lookups.

    Also might be an idea to explicitly set the ftp/http rules to just allow access from the local /24.. if you've any other PCs connected.


  • Registered Users, Registered Users 2 Posts: 326 ✭✭schrodinger


    Originally posted by MiCr0

    are you having dns resolving issues?

    No, that's the thing, I'm not having any trouble at all. The question is why are these being logged??


  • Registered Users, Registered Users 2 Posts: 326 ✭✭schrodinger


    Originally posted by Kali
    Aye.. that's just a dns server responding to your requests for lookups.

    Why are they being logged though?
    Originally posted by Kali

    Also might be an idea to explicitly set the ftp/http rules to just allow access from the local /24.. if you've any other PCs connected.

    For the moment I want these services to be externally accessible.


  • Registered Users, Registered Users 2 Posts: 326 ✭✭schrodinger


    Apologies to those people whose time I have wasted with this; I figured it out in the end. The log entries are actually being created by ipmon and its monitoring of the STATE tables. Apologies again and thanks to those who helped.
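
The resolution above, as an added example that is not part of the original thread: a small Python filter that separates ipmon state-table events (`STATE:NEW`, created by the `keep state` rules) from packet-log entries (the `block in log` rule). The function names are hypothetical, and the fourth sample line is constructed with documentation addresses.

```python
import re
from collections import Counter

# Lines 1-3 are the STATE entries quoted in the thread. Line 4 is constructed
# (documentation addresses): a packet-log entry as "block in log" would produce.
SAMPLE = """\
08/01/2003 21:14:57.379036 STATE:NEW p75-30.as1.dbn.dublin.eircom.net[159.134.75.30],2182 -> dns1.te.net[159.134.248.17],53 PR udp
08/01/2003 21:14:57.514399 STATE:NEW p75-30.as1.dbn.dublin.eircom.net[159.134.75.30],2183 -> dns1.te.net[159.134.248.17],53 PR udp
08/01/2003 21:14:57.645312 STATE:NEW p75-30.as1.dbn.dublin.eircom.net[159.134.75.30],2184 -> dns1.te.net[159.134.248.17],53 PR udp
08/01/2003 21:15:02.101010 tun0 @0:1 b 203.0.113.9,4431 -> 198.51.100.7,139 PR tcp len 20 48 -S IN
"""

# State-log entry: timestamp, STATE:<event>, src,port -> dst,port PR proto
STATE_RE = re.compile(
    r"^\S+ \S+ STATE:(?P<event>\w+) (?P<src>\S+),(?P<sport>\d+) -> "
    r"(?P<dst>\S+),(?P<dport>\d+) PR (?P<proto>\S+)")
# Packet-log entry: timestamp, interface, @group:rule, action, then endpoints.
# Entries without ports (e.g. ICMP) do not match and end up in "other".
PACKET_RE = re.compile(
    r"^\S+ \S+ (?P<iface>\S+) @(?P<rule>\d+:\d+) (?P<action>\S+) "
    r"(?P<src>\S+),(?P<sport>\d+) -> (?P<dst>\S+),(?P<dport>\d+) PR (?P<proto>\S+)")

def ip_of(endpoint):
    """Return the address from 'host[ip]' (resolved names) or a bare 'ip'."""
    m = re.search(r"\[([^\]]+)\]$", endpoint)
    return m.group(1) if m else endpoint

def summarise(text):
    """Split ipmon output into state-event counts, packet entries and the rest."""
    states, packets, other = Counter(), [], []
    for line in text.splitlines():
        if m := STATE_RE.match(line):
            # Count state events per (event, destination, port, protocol).
            states[(m["event"], ip_of(m["dst"]), int(m["dport"]), m["proto"])] += 1
        elif m := PACKET_RE.match(line):
            packets.append((m["iface"], m["rule"], m["action"],
                            ip_of(m["src"]), ip_of(m["dst"]), int(m["dport"])))
        elif line.strip():
            other.append(line)
    return states, packets, other

if __name__ == "__main__":
    states, packets, other = summarise(SAMPLE)
    for key, count in states.most_common():
        print("state", key, "x", count)
    for pkt in packets:
        print("packet", pkt)
```

ipmon(8) also has a `-o` option that selects which logs it reads (`I` for the packet log, `S` for the state log, `N` for NAT), so the STATE lines can be left out at the source.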

