> > Apr 28 22:07:47 fire Invalid: IN=eth1 OUT=
> > MAC=00:d0:b7:1d:cc:7d:00:90:69:f0:b0:20:08:00 SRC=156.56.247.195
> > DST=217.199.xx.18 LEN=1500 TOS=00 PREC=0x00 TTL=53 ID=53186 CE DF
> > PROTO=TCP SPT=80 DPT=33553 SEQ=990104197 ACK=497088462 WINDOW=6432 ACK
> > URGP=0
>
> the only thing that jumps out at me is that all those packets have the
> CE bit set (Congestion Experienced). care to share with us the rule
> that creates those log entries? is it just "-m state --state INVALID -j
> LOG"? i would be very surprised if setting CE caused a packet to
> identified as INVALID...
>
Yes of course I share willingly :)
iptables -L INVALIDDROP -n &>/dev/null ||\
iptables -N INVALIDDROP
iptables -A INVALIDDROP -j ULOG --ulog-prefix "Invalid: "
iptables -A INVALIDDROP -j DROP
iptables -A INPUT -m state --state INVALID -j INVALIDDROP
This is the lines from my firewall script. It is like you say only -m
state --state INVALID that is used.
From my iptables -L you can see it's right there at the top:
fire root # iptables -L INPUT -n
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 127.0.0.0/8 127.0.0.0/8
INVALIDDROP all -- 0.0.0.0/0 0.0.0.0/0 state
INVALID
..... <snip> .....
Best regards
Stian B. Barmen
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
