Re: prevent iptables LOG target from flooding dmesg

Thanasis <thanasis@xxxxxxxxxxxxxx> · Sun, 06 Jun 2010 13:52:01 +0300

on 06/06/2010 10:09 AM lists@xxxxxxxxxxxxxxx wrote the following:
> On Sat, 2010-06-05 at 23:42 +0300, Thanasis wrote:
>> The subject says it all.
>> I have set up logging like so :
>> --------------------------------------------------------------------------------------------------------------------
>> iptables -A INPUT -m state --state INVALID -j LOG --log-prefix "DROP
>> INVALID " --log-ip-options --log-tcp-options
>> iptables -A INPUT -i $INTIF ! -s $LAN -j LOG --log-prefix "SPOOFED PKT "
>> iptables -A INPUT ! -i lo -j LOG --log-prefix "DROP " --log-ip-options
>> --log-tcp-options
>> iptables -A OUTPUT -m state --state INVALID -j LOG --log-prefix "DROP
>> INVALID " --log-ip-options --log-tcp-options
>> iptables -A OUTPUT ! -o lo -j LOG --log-prefix "DROP " --log-ip-options
>> --log-tcp-options
>> iptables -A FORWARD -m state --state INVALID -j LOG --log-prefix "DROP
>> INVALID " --log-ip-options --log-tcp-options
>> iptables -A FORWARD -i $INTIF ! -s $LAN -j LOG --log-prefix "SPOOFED PKT "
>> iptables -A FORWARD ! -i lo -j LOG --log-prefix "DROP " --log-ip-options
>> --log-tcp-options
>> --------------------------------------------------------------------------------------------------------------------
>> and dmesg is flooded by DROP log messages etc.
>> I have NETFILTER_NETLINK_LOG [=m]
>> in the kenel config, but I don't know how to use it,
>> (and what the module name is).
>> Any pointers/help will be much appreciated.
>
> You can limit how much is logged with the 'limit' match. Doing this you
> might lose some information but you might be okay with that. The 'limit'
> match can be used like this:
>
> $ipt [...] -m limit --limit 3/second [...]
>
> However, I don't know if that's what you want.
>
My problem is _not_the_number_ of messages that I get from iptables, but
the fact that _lots_ of them are logged in buffer of the kernel filling
it, to the point that I loose all important info/warnings that I should
be able to see with dmesg.

eg. this is all that I get by dmesg now:
(I have hidden some of the IPs for security reasons)

# dmesg
5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=15659 PROTO=UDP
SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15659 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15660 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15660 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=ppp0 OUT= MAC= SRC=XX.XXX.X.XXX DST=224.0.0.1 LEN=32 TOS=0x00
PREC=0x00 TTL=1 ID=0 OPT (94040000) PROTO=2
DROP IN=ppp0 OUT= MAC= SRC=XX.XXX.X.XXX DST=224.0.0.1 LEN=32 TOS=0x00
PREC=0x00 TTL=1 ID=0 OPT (94040000) PROTO=2
DROP IN=ppp0 OUT= MAC= SRC=XX.XXX.X.XXX DST=224.0.0.1 LEN=32 TOS=0x00
PREC=0x00 TTL=1 ID=0 OPT (94040000) PROTO=2
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128
ID=15663 PROTO=UDP SPT=138 DPT=138 LEN=209
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128
ID=15663 PROTO=UDP SPT=138 DPT=138 LEN=209
DROP IN=ppp0 OUT= MAC= SRC=XX.XXX.X.XXX DST=224.0.0.1 LEN=32 TOS=0x00
PREC=0x00 TTL=1 ID=0 OPT (94040000) PROTO=2
DROP IN=ppp0 OUT= MAC= SRC=XX.XXX.X.XXX DST=224.0.0.1 LEN=32 TOS=0x00
PREC=0x00 TTL=1 ID=0 OPT (94040000) PROTO=2
DROP IN=ppp0 OUT= MAC= SRC=XX.XXX.X.XXX DST=224.0.0.1 LEN=32 TOS=0x00
PREC=0x00 TTL=1 ID=0 OPT (94040000) PROTO=2
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=202 TOS=0x00 PREC=0x00 TTL=128
ID=15668 PROTO=UDP SPT=138 DPT=138 LEN=182
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=202 TOS=0x00 PREC=0x00 TTL=128
ID=15668 PROTO=UDP SPT=138 DPT=138 LEN=182
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15669 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15669 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15670 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15670 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15671 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15671 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=202 TOS=0x00 PREC=0x00 TTL=128
ID=15672 PROTO=UDP SPT=138 DPT=138 LEN=182
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=202 TOS=0x00 PREC=0x00 TTL=128
ID=15672 PROTO=UDP SPT=138 DPT=138 LEN=182
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15673 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15673 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15674 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15674 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15675 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15675 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=202 TOS=0x00 PREC=0x00 TTL=128
ID=15676 PROTO=UDP SPT=138 DPT=138 LEN=182
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=202 TOS=0x00 PREC=0x00 TTL=128
ID=15676 PROTO=UDP SPT=138 DPT=138 LEN=182
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15677 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15677 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15678 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15678 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15679 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15679 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15680 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15680 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15681 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15681 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15682 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15682 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=ppp0 OUT= MAC= SRC=XX.XXX.X.XXX DST=224.0.0.1 LEN=32 TOS=0x00
PREC=0x00 TTL=1 ID=0 OPT (94040000) PROTO=2
DROP IN=ppp0 OUT= MAC= SRC=XX.XXX.X.XXX DST=224.0.0.1 LEN=32 TOS=0x00
PREC=0x00 TTL=1 ID=0 OPT (94040000) PROTO=2
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128
ID=15685 PROTO=UDP SPT=138 DPT=138 LEN=209
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128
ID=15685 PROTO=UDP SPT=138 DPT=138 LEN=209
DROP IN=ppp0 OUT= MAC= SRC=XX.XXX.X.XXX DST=224.0.0.1 LEN=32 TOS=0x00
PREC=0x00 TTL=1 ID=0 OPT (94040000) PROTO=2
DROP IN=ppp0 OUT= MAC= SRC=92.249.130.158 DST=YY.YYY.YYY.YYY LEN=64
TOS=0x00 PREC=0x00 TTL=35 ID=36826 DF PROTO=TCP SPT=2867 DPT=135
WINDOW=53760 RES=0x00 SYN URGP=0 OPT
(020405A0010303030101080A000000000000000001010402)
DROP IN=ppp0 OUT= MAC= SRC=92.249.130.158 DST=YY.YYY.YYY.YYY LEN=64
TOS=0x00 PREC=0x00 TTL=35 ID=37606 DF PROTO=TCP SPT=2867 DPT=135
WINDOW=53760 RES=0x00 SYN URGP=0 OPT
(020405A0010303030101080A000000000000000001010402)
DROP IN=ppp0 OUT= MAC= SRC=XX.XXX.X.XXX DST=224.0.0.1 LEN=32 TOS=0x00
PREC=0x00 TTL=1 ID=0 OPT (94040000) PROTO=2
DROP IN=ppp0 OUT= MAC= SRC=XX.XXX.X.XXX DST=224.0.0.1 LEN=32 TOS=0x00
PREC=0x00 TTL=1 ID=0 OPT (94040000) PROTO=2
DROP IN=ppp0 OUT= MAC= SRC=XX.XXX.X.XXX DST=224.0.0.1 LEN=32 TOS=0x00
PREC=0x00 TTL=1 ID=0 OPT (94040000) PROTO=2
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=202 TOS=0x00 PREC=0x00 TTL=128
ID=15689 PROTO=UDP SPT=138 DPT=138 LEN=182
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=202 TOS=0x00 PREC=0x00 TTL=128
ID=15689 PROTO=UDP SPT=138 DPT=138 LEN=182
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15690 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15690 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15691 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15691 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15692 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15692 PROTO=UDP SPT=137 DPT=137 LEN=58
SPOOFED PKT IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:03:25:43:7f:93:08:00
SRC=0.0.0.0 DST=255.255.255.255 LEN=355 TOS=0x00 PREC=0x00 TTL=64
ID=36184 PROTO=UDP SPT=68 DPT=67 LEN=335
SPOOFED PKT IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:03:25:43:7f:93:08:00
SRC=0.0.0.0 DST=255.255.255.255 LEN=355 TOS=0x00 PREC=0x00 TTL=64
ID=36184 PROTO=UDP SPT=68 DPT=67 LEN=335
DROP IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:03:25:43:7f:93:08:00
SRC=0.0.0.0 DST=255.255.255.255 LEN=355 TOS=0x00 PREC=0x00 TTL=64
ID=36184 PROTO=UDP SPT=68 DPT=67 LEN=335
SPOOFED PKT IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:03:25:43:7f:93:08:00
SRC=0.0.0.0 DST=255.255.255.255 LEN=367 TOS=0x00 PREC=0x00 TTL=64
ID=25448 PROTO=UDP SPT=68 DPT=67 LEN=347
SPOOFED PKT IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:03:25:43:7f:93:08:00
SRC=0.0.0.0 DST=255.255.255.255 LEN=367 TOS=0x00 PREC=0x00 TTL=64
ID=25448 PROTO=UDP SPT=68 DPT=67 LEN=347
DROP IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:03:25:43:7f:93:08:00
SRC=0.0.0.0 DST=255.255.255.255 LEN=367 TOS=0x00 PREC=0x00 TTL=64
ID=25448 PROTO=UDP SPT=68 DPT=67 LEN=347
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=202 TOS=0x00 PREC=0x00 TTL=128
ID=15693 PROTO=UDP SPT=138 DPT=138 LEN=182
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=202 TOS=0x00 PREC=0x00 TTL=128
ID=15693 PROTO=UDP SPT=138 DPT=138 LEN=182
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15694 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15694 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15695 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15695 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15696 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15696 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=202 TOS=0x00 PREC=0x00 TTL=128
ID=15697 PROTO=UDP SPT=138 DPT=138 LEN=182
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=202 TOS=0x00 PREC=0x00 TTL=128
ID=15697 PROTO=UDP SPT=138 DPT=138 LEN=182
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15698 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15698 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15699 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15699 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15700 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15700 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15701 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15701 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15702 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15702 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15703 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128
ID=15703 PROTO=UDP SPT=137 DPT=137 LEN=58
DROP IN=ppp0 OUT= MAC= SRC=XX.XXX.X.XXX DST=224.0.0.1 LEN=32 TOS=0x00
PREC=0x00 TTL=1 ID=0 OPT (94040000) PROTO=2
DROP IN=ppp0 OUT= MAC= SRC=218.25.11.207 DST=YY.YYY.YYY.YYY LEN=40
TOS=0x00 PREC=0x00 TTL=107 ID=61402 PROTO=TCP SPT=6000 DPT=1433
WINDOW=16384 RES=0x00 SYN URGP=0
DROP IN=ppp0 OUT= MAC= SRC=XX.XXX.X.XXX DST=224.0.0.1 LEN=32 TOS=0x00
PREC=0x00 TTL=1 ID=0 OPT (94040000) PROTO=2
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128
ID=15707 PROTO=UDP SPT=138 DPT=138 LEN=209
DROP IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:48:08:29:8b:08:00
SRC=192.168.0.5 DST=192.168.0.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128
ID=15707 PROTO=UDP SPT=138 DPT=138 LEN=209
DROP IN=ppp0 OUT= MAC= SRC=58.247.163.220 DST=YY.YYY.YYY.YYY LEN=30
TOS=0x00 PREC=0x00 TTL=114 ID=3635 PROTO=UDP SPT=9739 DPT=4672 LEN=10
DROP IN=ppp0 OUT= MAC= SRC=XX.XXX.X.XXX DST=224.0.0.1 LEN=32 TOS=0x00
PREC=0x00 TTL=1 ID=0 OPT (94040000) PROTO=2
DROP INVALID IN=ppp0 OUT= MAC= SRC=209.132.180.67 DST=YY.YYY.YYY.YYY
LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=35728 DPT=25
WINDOW=0 RES=0x00 RST URGP=0
DROP IN=ppp0 OUT= MAC= SRC=XX.XXX.X.XXX DST=224.0.0.1 LEN=32 TOS=0x00
PREC=0x00 TTL=1 ID=0 OPT (94040000) PROTO=2
#

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html