Anything particular you wonder about, or is it just what the abbreviation before "=" means?

Best regards
André Paulsberg-Csibi
Senior Network Engineer
IBM Services AS

Sensitivity: Internal

-----Original message-----
From: netfilter-owner@xxxxxxxxxxxxxxx <netfilter-owner@xxxxxxxxxxxxxxx> On behalf of Wayne Sallee
Sent: Sunday 2 September 2018 19.31
To: netfilter@xxxxxxxxxxxxxxx
Subject: Re: netfilter mailing list abandoned

Yes.

Wayne Sallee
Wayne@xxxxxxxxxxxxxxx
https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.WayneSallee.com&data=02%7C01%7CAndre.Paulsberg-Csibi%40evry.com%7Cb8ff328188c7464a15d108d610f9cc5d%7C40cc2915e2834a2794716bdd7ca4c6e1%7C1%7C0%7C636715062395963658&sdata=MYu94BqG%2BvJWA0lCGyaRP8rE1msaVzaS036S7bmE1zk%3D&reserved=0

-------- Original Message --------
*Subject: *Re: netfilter mailing list abandoned
*From: *Neal P. Murphy <neal.p.murphy@xxxxxxxxxxxx>
*To: *Wayne Sallee <Wayne@xxxxxxxxxxxxxxx>
*Date: *09/02/2018 12:38 PM
> Are you speaking of log entries like these?
> ---
> May 7 00:15:22 lanner kernel: [1331862.087653] Denied-by-mangle:blockSetDrop IN=eth3 OUT= MAC=00:90:0b:17:f2:7d:00:01:5c:8e:ea:46:08:00 SRC=85.104.239.148 DST=73.n.n.133 LEN=40 TOS=0x00 PREC=0x20 TTL=236 ID=28662 DF PROTO=TCP SPT=59418 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0
> May 7 00:17:31 lanner kernel: [1331991.422047] Denied-by-filter:INPUT IN=eth3 OUT= MAC=00:90:0b:17:f2:7d:00:01:5c:8e:ea:46:08:00 SRC=5.188.11.131 DST=73.n.n.133 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=17762 PROTO=TCP SPT=48786 DPT=22740 WINDOW=1024 RES=0x00 SYN URGP=0
> May 6 05:13:39 lanner kernel: [1263359.277850] Denied-by-filter:INPUT IN=eth3 OUT= MAC=00:90:0b:17:f2:7d:00:01:5c:8e:ea:46:08:00 SRC=198.211.97.48 DST=73.n.n.133 LEN=30 TOS=0x00 PREC=0x20 TTL=53 ID=0 DF PROTO=UDP SPT=49076 DPT=1434 LEN=10
> ----
>
> On Sun, 2 Sep 2018 07:38:19 -0400
> Wayne Sallee <Wayne@xxxxxxxxxxxxxxx> wrote:
>
>> Thanks, I've been there already, but was not able to find anything that tells how to read the logs.
>>
>> Wayne Sallee
>> Wayne@xxxxxxxxxxxxxxx
>> https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.WayneSallee.com&data=02%7C01%7CAndre.Paulsberg-Csibi%40evry.com%7Cb8ff328188c7464a15d108d610f9cc5d%7C40cc2915e2834a2794716bdd7ca4c6e1%7C1%7C0%7C636715062395963658&sdata=MYu94BqG%2BvJWA0lCGyaRP8rE1msaVzaS036S7bmE1zk%3D&reserved=0
>>
>> -------- Original Message --------
>> *Subject: *SV: SV: netfilter mailing list abandoned
>> *From: *André Paulsberg-Csibi (IBM Consultant) <Andre.Paulsberg-Csibi@xxxxxxxx>
>> *To: *'Wayne Sallee' <Wayne@xxxxxxxxxxxxxxx>, netfilter@xxxxxxxxxxxxxxx <netfilter@xxxxxxxxxxxxxxx>
>> *Date: *09/01/2018 05:26 PM
>>> I will just assume you mean the syntax for making your own log in either iptables / nftables, I would assume this is a good place to start ->
>>> https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnetfilter.org%2Fprojects%2Fiptables%2Findex.html&data=02%7C01%7CAndre.Paulsberg-Csibi%40evry.com%7Cb8ff328188c7464a15d108d610f9cc5d%7C40cc2915e2834a2794716bdd7ca4c6e1%7C1%7C0%7C636715062395963658&sdata=5moR803jEWE%2BgsHS5boJkP5XwoA6pjEl2bR30b4GxOg%3D&reserved=0
>>>
>>> However logging typically is "yours to design" and all can be logged, but unless you make specific "rules" for it nothing will be logged.
>>>
>>> IF on the other hand you want to understand the syntax in the output, you need to explain or show some examples.
>>>
>>>
>>> Best regards
>>> André Paulsberg-Csibi
>>> Senior Network Engineer
>>> IBM Services AS
>>>
>>>
>>> Sensitivity: Internal
>>>
>>> -----Original message-----
>>> From: netfilter-owner@xxxxxxxxxxxxxxx <netfilter-owner@xxxxxxxxxxxxxxx> On behalf of Wayne Sallee
>>> Sent: Saturday 1 September 2018 17.36
>>> To: netfilter@xxxxxxxxxxxxxxx
>>> Subject: Re: SV: netfilter mailing list abandoned
>>>
>>> My question on that thread was:
>>>
>>> "Where is a good place to learn how to understand firewall logs?"
>>>
>>> What is hard to understand about that question?
>>> Doesn't netfilter contribute to the firewall logs?
>>>
>>> Is there a better mailing list for this subject, that has not been abandoned?
>>>
>>> Wayne Sallee
>>> Wayne@xxxxxxxxxxxxxxx
>>> https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.WayneSallee.com&data=02%7C01%7CAndre.Paulsberg-Csibi%40evry.com%7Cb8ff328188c7464a15d108d610f9cc5d%7C40cc2915e2834a2794716bdd7ca4c6e1%7C1%7C0%7C636715062395963658&sdata=MYu94BqG%2BvJWA0lCGyaRP8rE1msaVzaS036S7bmE1zk%3D&reserved=0
>>>
>>> -------- Original Message --------
>>> *Subject: *SV: netfilter mailing list abandoned
>>> *From: *André Paulsberg-Csibi (IBM Consultant) <Andre.Paulsberg-Csibi@xxxxxxxx>
>>> *To: *'Wayne Sallee' <Wayne@xxxxxxxxxxxxxxx>, netfilter@xxxxxxxxxxxxxxx <netfilter@xxxxxxxxxxxxxxx>
>>> *Date: *08/29/2018 02:42 PM
>>>> Nope, last activity was on Thursday 23. 20:34, except your mail Friday 24.
>>>>
>>>> I cannot tell why nobody responded, I did not respond during the weekend as I was away and after I saw it I could not "imagine" what exactly you were asking (which may or may not be the reason no one else answered either)
>>>>
>>>>
>>>>
>>>> Best regards
>>>> André Paulsberg-Csibi
>>>> Senior Network Engineer
>>>> IBM Services AS
>>>>
>>>>
>>>> Sensitivity: Internal
>>>>
>>>> -----Original message-----
>>>> From: netfilter-owner@xxxxxxxxxxxxxxx <netfilter-owner@xxxxxxxxxxxxxxx> On behalf of Wayne Sallee
>>>> Sent: Wednesday 29 August 2018 16.31
>>>> To: netfilter@xxxxxxxxxxxxxxx
>>>> Subject: netfilter mailing list abandoned
>>>>
>>>> Has this mailing list been abandoned?
>>>>
>>>> Wayne Sallee
>>>> Wayne@xxxxxxxxxxxxxxx
>>>> https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.WayneSallee.com&data=02%7C01%7CAndre.Paulsberg-Csibi%40evry.com%7Cb8ff328188c7464a15d108d610f9cc5d%7C40cc2915e2834a2794716bdd7ca4c6e1%7C1%7C0%7C636715062395963658&sdata=MYu94BqG%2BvJWA0lCGyaRP8rE1msaVzaS036S7bmE1zk%3D&reserved=0
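
Added example, not part of the original thread or of any netfilter code: a small parser for kernel LOG-target lines such as the three entries Neal P. Murphy quoted, splitting the text set by the rule's log prefix from the KEY=value packet fields and the bare flag words. The names parse and describe are hypothetical, and the layout is assumed to match those entries (syslog header, "kernel:", uptime in brackets, prefix, then IN=).

```python
import re

# The three entries quoted in the thread (DST was already masked by the poster).
MAC = "MAC=00:90:0b:17:f2:7d:00:01:5c:8e:ea:46:08:00"
SAMPLE = [
    "May 7 00:15:22 lanner kernel: [1331862.087653] Denied-by-mangle:blockSetDrop "
    f"IN=eth3 OUT= {MAC} SRC=85.104.239.148 DST=73.n.n.133 LEN=40 TOS=0x00 PREC=0x20 "
    "TTL=236 ID=28662 DF PROTO=TCP SPT=59418 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0",
    "May 7 00:17:31 lanner kernel: [1331991.422047] Denied-by-filter:INPUT "
    f"IN=eth3 OUT= {MAC} SRC=5.188.11.131 DST=73.n.n.133 LEN=40 TOS=0x00 PREC=0x20 "
    "TTL=243 ID=17762 PROTO=TCP SPT=48786 DPT=22740 WINDOW=1024 RES=0x00 SYN URGP=0",
    "May 6 05:13:39 lanner kernel: [1263359.277850] Denied-by-filter:INPUT "
    f"IN=eth3 OUT= {MAC} SRC=198.211.97.48 DST=73.n.n.133 LEN=30 TOS=0x00 PREC=0x20 "
    "TTL=53 ID=0 DF PROTO=UDP SPT=49076 DPT=1434 LEN=10",
]
# syslog time, host, kernel uptime, then the rule's own log-prefix text up to IN=
HEAD = re.compile(r"^(?P<time>\w{3}\s+\d+ [\d:]+) (?P<host>\S+) kernel: "
                  r"\[\s*(?P<uptime>[\d.]+)\] (?P<prefix>.*?)\s*(?=IN=)")

def parse(line):
    """Split one LOG-target line into header, KEY=value fields and bare flags."""
    m = HEAD.match(line)
    if not m:
        return None
    rec = dict(m.groupdict(), fields={}, ip_flags=[], tcp_flags=[])
    f = rec["fields"]
    for tok in line[m.end():].split():
        key, sep, val = tok.partition("=")
        if not sep:    # bare word: IP flag (DF) before PROTO=, TCP flag (SYN) after
            rec["tcp_flags" if "PROTO" in f else "ip_flags"].append(key)
        elif key == "LEN" and "LEN" in f:
            f["L4_LEN"] = val    # first LEN= is the IP length, second the UDP length
        else:
            f[key] = val         # OUT= is empty when no output interface applies
    mac = f.get("MAC", "")
    if len(mac) == 41:           # Ethernet header: dst MAC, src MAC, EtherType
        f["MAC_DST"], f["MAC_SRC"], f["ETHERTYPE"] = mac[:17], mac[18:35], mac[36:]
    return rec

def describe(rec):
    """One-line reading of a parsed entry."""
    f = rec["fields"]
    flags = ",".join(rec["tcp_flags"]) or "-"
    return (f"{rec['prefix']}: {f['PROTO']} {f['SRC']}:{f.get('SPT', '-')} -> "
            f"{f['DST']}:{f.get('DPT', '-')} in={f['IN']} tcp_flags={flags}")

if __name__ == "__main__":
    for entry in SAMPLE:
        print(describe(parse(entry)))
```

The prefix (Denied-by-mangle:blockSetDrop, Denied-by-filter:INPUT) is whatever the administrator put in the logging rule, so it identifies the rule that matched; everything from IN= onward is written by the kernel.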