On Wed, July 19, 2017 03:21, Amos Jeffries wrote:
> On 19/07/17 01:37, Walter H. wrote:
>> On Tue, July 18, 2017 15:28, Matus UHLAR - fantomas wrote:
>>> On 18.07.17 14:29, Walter H. wrote:
>>>> -A INPUT -i br0 -m state --state ESTABLISHED,RELATED -j ACCEPT
>>>
>>>> -A INPUT -i br0 -m tcp -p tcp --dport 3128 -m state --state NEW -j
>>>> ACCEPT
>>>
>>>> -A INPUT -j LOG --log-prefix "IP[IN]: " --log-level 7
>>>
>>>> [17-Jul-2017; 19:49:13.590130] IP[IN]: IN=br0 OUT=
>>>> MAC=24:01:00:00:01:24:24:00:08:01:05:24:08:00 SRC=192.168.0.10
>>>> DST=192.168.0.1 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP
>>>> SPT=54916 DPT=3128 WINDOW=0 RES=0x00 RST URGP=0
>>>
>>> it's a RST packet, apparently for connection that was already closed
>>> and
>>> thus is not ESTABLISHED,RELATED nor NEW
>>>
>>> logging state INVALID could explain
>>
>> how would I do this?
>
>
> Add this line in your iptables config above the generic log ones:
>
> -A INPUT -i br0 -m state --state INVALID -j LOG --log-prefix "IP[IN]
> INVALID]: " --log-level 7

I added these rules, and will see which packets are caught

-A INPUT -m state --state INVALID -j LOG --log-prefix "IP[IN(invalid)]: " --log-level 7
-A FORWARD -m state --state INVALID -j LOG --log-prefix "IP[FWD(invalid)]: " --log-level 7
-A OUTPUT -m state --state INVALID -j LOG --log-prefix "IP[OUT(invalid)]: " --log-level 7

and not by these after:

-A INPUT -j LOG --log-prefix "IP[IN]: " --log-level 7
-A FORWARD -j LOG --log-prefix "IP[FWD]: " --log-level 7
-A OUTPUT -j LOG --log-prefix "IP[OUT]: " --log-level 7
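
Added example, not part of the original thread: a small Python tally of the netfilter LOG lines by log prefix, TCP flags and destination port, to see whether the packets reaching the log are the stray RSTs discussed above. The sample lines, MAC value and function names are constructed for illustration; only the prefixes and the field layout come from the messages above.

```python
import re
from collections import Counter

# TCP flag words as they appear after RES= in the LOG output
TCP_FLAGS = ("CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN")
PREFIX_RE = re.compile(r"(IP\[[^\]]+\]): ")  # matches IP[IN]: and IP[IN(invalid)]:
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")   # KEY=value; value may be empty (OUT=)

# Constructed sample input (not captured traffic), in the format quoted in the thread.
_HDR = ("IN=br0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 "
        "SRC=192.168.0.10 DST=192.168.0.1 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP ")
SAMPLE_LOG = "\n".join([
    "[19-Jul-2017; 08:00:01.000000] IP[IN(invalid)]: " + _HDR
    + "SPT=54916 DPT=3128 WINDOW=0 RES=0x00 RST URGP=0",
    "[19-Jul-2017; 08:00:02.000000] IP[IN(invalid)]: " + _HDR
    + "SPT=54920 DPT=3128 WINDOW=0 RES=0x00 RST URGP=0",
    "[19-Jul-2017; 08:00:03.000000] IP[IN(invalid)]: " + _HDR
    + "SPT=54921 DPT=3128 WINDOW=229 RES=0x00 ACK FIN URGP=0",
    "[19-Jul-2017; 08:00:04.000000] IP[IN]: " + _HDR
    + "SPT=40000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0",
    "[19-Jul-2017; 08:00:05.000000] br0: port 1(eth1) entered forwarding state",
])

def parse_line(line):
    """Return prefix, addresses, port and TCP flags of one LOG line, or None."""
    m = PREFIX_RE.search(line)
    if not m:
        return None  # not produced by one of the LOG rules
    body = line[m.end():]
    fields = dict(FIELD_RE.findall(body))
    # Only look after RES= so the IP-level DF flag is not taken for a TCP flag.
    tail = body.partition(" RES=")[2].split()
    flags = tuple(f for f in TCP_FLAGS if f in tail)
    return {"prefix": m.group(1), "src": fields.get("SRC"),
            "dst": fields.get("DST"), "dpt": fields.get("DPT"), "flags": flags}

def summarize(text):
    """Count log lines per (prefix, flags, destination port)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec:
            counts[(rec["prefix"], "+".join(rec["flags"]) or "-", rec["dpt"])] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).most_common():
        print(n, *key)
```
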