Hello, I'm not sure whats going on here, but I came in today and my log is being flooded with these... about once per second, I get 2 or 3 of the following: Oct 19 11:10:33 myhost IPTABLES-IN Default Drop: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1c:c0:69:16:89:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=46967 PROTO=UDP SPT=68 DPT=67 LEN=308 Oct 19 11:10:33 myhost IPTABLES-IN Default Drop: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:04:5a:8f:d6:11:08:00 SRC=192.168.1.250 DST=255.255.255.255 LEN=347 TOS=0x00 PREC=0x00 TTL=128 ID=55784 PROTO=UDP SPT=67 DPT=68 LEN=327 Oct 19 11:10:33 myhost IPTABLES-IN Default Drop: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1c:c0:69:16:89:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=360 TOS=0x00 PREC=0x00 TTL=128 ID=46968 PROTO=UDP SPT=68 DPT=67 LEN=340 The only things that I can see that change are the date/times (of course) and the ID=value 192.168.1.250 is the only windows domain controller (DHCP, DNS and file services)... For a long time, I've seen things like this in the logs - in fact I even asked about it here once a few months ago, but got busy and didn't follow up on 'fixing' it - but it was never just continuous like this... First question is, is this anything to be concerned about? If not, how can I silence these in my logs? Tia for any help/suggestions - Simon... Output of iptables-save follows: # Generated by iptables-save v1.3.8 on Sat Oct 18 16:11:52 2008 *raw :PREROUTING ACCEPT [222633286:130337506706] :OUTPUT ACCEPT [186475744:266358392165] COMMIT # Completed on Sat Oct 18 16:11:52 2008 # Generated by iptables-save v1.3.8 on Sat Oct 18 16:11:52 2008 *nat :PREROUTING ACCEPT [3310784:561609823] :POSTROUTING ACCEPT [289167:19127565] :OUTPUT ACCEPT [300907:21670186] COMMIT # Completed on Sat Oct 18 16:11:52 2008 # Generated by iptables-save v1.3.8 on Sat Oct 18 16:11:52 2008 *mangle :PREROUTING ACCEPT [621778831:356231181731] :INPUT ACCEPT [621741184:356222148032] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [510767123:743977057165] :POSTROUTING ACCEPT [510654750:743968032926] -A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP -A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP -A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP COMMIT # Completed on Sat Oct 18 16:11:52 2008 # Generated by iptables-save v1.3.8 on Sat Oct 18 16:11:52 2008 *filter :INPUT DROP [1492298:264275398] :FORWARD DROP [0:0] :OUTPUT ACCEPT [21460:2536934] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT -A INPUT -p udp -m udp --dport 123 -j ACCEPT -A INPUT -p udp -m udp --dport 138 -j ACCEPT -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT -A INPUT -p tcp -m tcp --dport 993 -j ACCEPT -A INPUT -p tcp -m tcp --dport 20000 -j ACCEPT -A INPUT -s 127.0.0.1 -j ACCEPT -A INPUT -j LOG --log-prefix "IPTABLES-IN Default Drop: " --log-level 7 -A INPUT -p tcp -m tcp --dport 22 -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -i eth0 -p tcp -m tcp --dport 587 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 873 -j ACCEPT -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A OUTPUT -p tcp -m tcp --dport 20 -j ACCEPT -A OUTPUT -p tcp -m tcp --dport 21 -j ACCEPT -A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT -A OUTPUT -p tcp -m tcp --dport 23 -j ACCEPT -A OUTPUT -p tcp -m tcp --dport 25 -j ACCEPT -A OUTPUT -p tcp -m tcp --dport 43 -j ACCEPT -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT -A OUTPUT -p tcp -m tcp --dport 110 -j ACCEPT -A OUTPUT -p udp -m udp --dport 123 -j ACCEPT -A OUTPUT -p tcp -m tcp --dport 143 -j ACCEPT -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT -A OUTPUT -p tcp -m tcp --dport 783 -j ACCEPT -A OUTPUT -p tcp -m tcp --dport 873 -j ACCEPT -A OUTPUT -p tcp -m tcp --dport 993 -j ACCEPT -A OUTPUT -d 127.0.0.1 -j ACCEPT -A OUTPUT -j LOG --log-prefix "IPTABLES-OUT Default Drop: " --log-level 7 COMMIT # Completed on Sat Oct 18 16:11:52 2008 -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
