Site Navigation

Date:      Sat, 14 Dec 2002 13:28:42 +0100
From:      Jens Rehsack <rehsack@liwing.de>
To:        Erwan Breton <breton@cri.ensmp.fr>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Kernel log messages
Message-ID:  <3DFB23FA.60803@liwing.de>
References:  <200212141214.42931.breton@cri.ensmp.fr>

---

next in thread | previous in thread | raw e-mail | index | archive | help

---

Erwan Breton wrote:
> Hi,
> 
>   Since i have activate the firewall on my Box, I have many kernel log 
> messages in my security check output every night. the problem is, idon't see 
> anymore interessant messages like bad login.
> 
> athena kernel log messages:
> 
>><110>ipfw: 600 Deny TCP 80.14.195.215:3795 10.255.255.250:4661 out via tun0
>>ipfw: 800 Deny TCP 80.14.195.215:3801 192.168.10.210:4661 out via tun0
>>ipfw: 800 Deny TCP 80.14.195.215:3810 192.168.1.77:4661 out via tun0
>>ipfw: 1600 Deny ICMP:3.3 192.168.1.2 80.14.195.215 in via tun0
>>ipfw: 4000 Deny TCP 80.105.241.117:62104 80.14.195.215:139 in via tun0
>>ipfw: 4000 Deny TCP 80.105.241.117:62104 80.14.195.215:139 in via tun0
>>ipfw: 4000 Deny TCP 80.105.241.117:62104 80.14.195.215:139 in via tun0
>>ipfw: 4000 Deny TCP 80.105.241.117:62104 80.14.195.215:139 in via tun0
>>ipfw: 800 Deny TCP 80.14.195.215:4191 192.168.17.200:4661 out via tun0
>>ipfw: 800 Deny TCP 80.14.195.215:4193 192.168.100.99:4661 out via tun0
>>ipfw: 700 Deny TCP 80.14.195.215:4198 172.16.1.50:4661 out via tun0
>>ipfw: 800 Deny TCP 80.14.195.215:4217 192.168.19.1:4661 out via tun0
>>ipfw: 800 Deny TCP 80.14.195.215:4222 192.168.99.1:4661 out via tun0
>>ipfw: 800 Deny TCP 80.14.195.215:4227 192.168.200.107:4661 out via tun0
>>ipfw: 800 Deny TCP 80.14.195.215:4234 192.168.0.23:4661 out via tun0
>>ipfw: 600 Deny TCP 80.14.195.215:4236 10.1.251.1:4661 out via tun0
>>ipfw: 800 Deny TCP 80.14.195.215:4242 192.168.1.6:4661 out via tun0
>>Etc .. etc .. etc ...
> 
> 
> main# uname -a
> FreeBSD 4.7-STABLE #10: Thu Nov 28 19:00:13 CET 2002
> I just active firewall (i think :o) )
> 
> If u need more conf (like syslog.conf) tell it.
> 
> Thanks for ideas and answers.

It seems you use rules which locks the blocked packets. If you sent your 
firewall config, I can say you which rules do that.

Moved to questions@freebsd.org, cause it's not a security related 
question but a config related one.

Jens

> --
> R1 Bzh!!!
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 
> 



-- 
L     i  W     W     W  i                 Jens Rehsack
L        W     W     W
L     i   W   W W   W   i  nnn    gggg    LiWing IT-Services
L     i    W W   W W    i  n  n  g   g
LLLL  i     W     W     i  n  n  g   g    Friesenstraße 2
                                   gggg    06112 Halle
                                      g
                                  g   g
Tel.:  +49 - 3 45 - 5 17 05 91    ggg     e-Mail: <rehsack@liwing.de>
Fax:   +49 - 3 45 - 5 17 05 92            http://www.liwing.de/



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3DFB23FA.60803>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact