On January 16, 2004 04:15 am, Rakotomandimby Mihamina wrote: > Hi all, > Im' running 2.4.24 and iptables 1.2.9 on slackware . > > I made these rules on my single box connected to internet via the ppp0 > interface ( i only show OUTPUT related entries ) > > iptables -P OUTPUT DROP > iptables -A OUTPUT -o lo -j ACCEPT > iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT > #To allow me surfing : > iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT > # My ISP DNS : > iptables -A OUTPUT -d 193.252.19.4 -p ALL -j ACCEPT ; > iptables -A OUTPUT -d 193.252.19.3 -p ALL -j ACCEPT ; > iptables -A OUTPUT -d 80.10.246.1 -p ALL -j ACCEPT > iptables -A OUTPUT -d 80.10.246.132 -p ALL -j ACCEPT > #Logging everything else : > iptables -A OUTPUT -j LOG --log-level info --log-prefix "dropped_output_: " > > and i get many lines like this in my log file : > > Jan 16 06:54:40 milina kernel: dropped_output_: IN= OUT=ppp0 > SRC=81.248.95.208 DST=81.56.193.129 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 > DF PROTO=TCP SPT=39332 DPT=113 WINDOW=18276 RES=0x00 SYN URGP=0 > > What would be this stuff on 113 port ?? > That would be Identd -- its your FTP server trying to get ident info from connecting clients. You can turn this off in *some* ftp configs. Alistair > Though when i sleep ( i kill X by switching to runlevel 3 , so there is > neither "messenger" nor any stuff that should be connected but my web > server and FTP server ... ) , it logs that . > > Would you hel me ?
