From owner-freebsd-questions Sat Dec 14 4:29:56 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6F07537B401 for ; Sat, 14 Dec 2002 04:29:54 -0800 (PST)
Received: from mail.liwing.de (mail.liwing.de [213.70.188.162]) by mx1.FreeBSD.org (Postfix) with ESMTP id 26CC243ED1 for ; Sat, 14 Dec 2002 04:29:53 -0800 (PST) (envelope-from rehsack@liwing.de)
Received: (qmail 44622 invoked from network); 14 Dec 2002 12:29:41 -0000
Received: from stingray.liwing.de (HELO liwing.de) ([213.70.188.164]) (envelope-sender ) by mail.liwing.de (qmail-ldap-1.03) with SMTP for ; 14 Dec 2002 12:29:41 -0000
Message-ID: <3DFB23FA.60803@liwing.de>
Date: Sat, 14 Dec 2002 13:28:42 +0100
From: Jens Rehsack
Organization: LiWing IT-Services
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Erwan Breton
Cc: freebsd-questions@freebsd.org
Subject: Re: Kernel log messages
References: <200212141214.42931.breton@cri.ensmp.fr>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Erwan Breton wrote:
> Hi,
>
> Since I have activated the firewall on my box, I have many kernel log
> messages in my security check output every night. The problem is, I don't see
> interesting messages like bad login anymore.
>
> athena kernel log messages:
>
>><110>ipfw: 600 Deny TCP 80.14.195.215:3795 10.255.255.250:4661 out via tun0
>>ipfw: 800 Deny TCP 80.14.195.215:3801 192.168.10.210:4661 out via tun0
>>ipfw: 800 Deny TCP 80.14.195.215:3810 192.168.1.77:4661 out via tun0
>>ipfw: 1600 Deny ICMP:3.3 192.168.1.2 80.14.195.215 in via tun0
>>ipfw: 4000 Deny TCP 80.105.241.117:62104 80.14.195.215:139 in via tun0
>>ipfw: 4000 Deny TCP 80.105.241.117:62104 80.14.195.215:139 in via tun0
>>ipfw: 4000 Deny TCP 80.105.241.117:62104 80.14.195.215:139 in via tun0
>>ipfw: 4000 Deny TCP 80.105.241.117:62104 80.14.195.215:139 in via tun0
>>ipfw: 800 Deny TCP 80.14.195.215:4191 192.168.17.200:4661 out via tun0
>>ipfw: 800 Deny TCP 80.14.195.215:4193 192.168.100.99:4661 out via tun0
>>ipfw: 700 Deny TCP 80.14.195.215:4198 172.16.1.50:4661 out via tun0
>>ipfw: 800 Deny TCP 80.14.195.215:4217 192.168.19.1:4661 out via tun0
>>ipfw: 800 Deny TCP 80.14.195.215:4222 192.168.99.1:4661 out via tun0
>>ipfw: 800 Deny TCP 80.14.195.215:4227 192.168.200.107:4661 out via tun0
>>ipfw: 800 Deny TCP 80.14.195.215:4234 192.168.0.23:4661 out via tun0
>>ipfw: 600 Deny TCP 80.14.195.215:4236 10.1.251.1:4661 out via tun0
>>ipfw: 800 Deny TCP 80.14.195.215:4242 192.168.1.6:4661 out via tun0
>>Etc .. etc .. etc ...
>
>
> main# uname -a
> FreeBSD 4.7-STABLE #10: Thu Nov 28 19:00:13 CET 2002
> I just activated the firewall (I think :o) )
>
> If you need more conf (like syslog.conf) tell me.
>
> Thanks for ideas and answers.

It seems you use rules which log the blocked packets.
If you send your firewall config, I can tell you which rules do that.

Moved to questions@freebsd.org, because it's not a security related question
but a config related one.

Jens

> --
> R1 Bzh!!!
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

--
Jens Rehsack
LiWing IT-Services
Friesenstraße 2
06112 Halle
Tel.: +49 - 3 45 - 5 17 05 91
Fax: +49 - 3 45 - 5 17 05 92
http://www.liwing.de/
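
The rule number is the first field after `ipfw:` in each logged line, so the noisy rules can be read straight off the log. The script below is an added example, not part of the original thread: it tallies the quoted lines per rule and separates out everything that is not ipfw output. The function names and the login failure line are constructed for illustration.

```shell
#!/bin/sh
# Added example: find out which ipfw rules fill the nightly security report.

# Constructed sample: ipfw lines copied from the thread, plus one made-up
# login failure line standing in for the messages the poster wants to see.
sample_log() {
    cat <<'EOF'
<110>ipfw: 600 Deny TCP 80.14.195.215:3795 10.255.255.250:4661 out via tun0
ipfw: 800 Deny TCP 80.14.195.215:3801 192.168.10.210:4661 out via tun0
ipfw: 800 Deny TCP 80.14.195.215:3810 192.168.1.77:4661 out via tun0
ipfw: 1600 Deny ICMP:3.3 192.168.1.2 80.14.195.215 in via tun0
ipfw: 4000 Deny TCP 80.105.241.117:62104 80.14.195.215:139 in via tun0
ipfw: 4000 Deny TCP 80.105.241.117:62104 80.14.195.215:139 in via tun0
ipfw: 700 Deny TCP 80.14.195.215:4198 172.16.1.50:4661 out via tun0
Dec 14 03:01:02 athena login: 1 LOGIN FAILURE ON ttyv0
EOF
}

# Read log lines on stdin; print "count rule action direction interface",
# most frequent first, ties ordered by rule number.
ipfw_rule_summary() {
    awk '
    {
        # The "ipfw:" tag may follow a <pri> marker or a syslog prefix,
        # so search the fields for it instead of assuming a position.
        for (i = 1; i < NF; i++) {
            if ($i ~ /ipfw:$/ && $(i + 1) ~ /^[0-9]+$/) {
                key = $(i + 1) " " $(i + 2) " " $(NF - 2) " " $NF
                count[key]++
                break
            }
        }
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2,2n
}

# Read log lines on stdin; print only the lines that are not ipfw output.
without_ipfw() {
    grep -v 'ipfw: [0-9][0-9]* '
}

echo "count rule action dir iface"
sample_log | ipfw_rule_summary
echo "--- messages other than ipfw ---"
sample_log | without_ipfw
```

The rule numbers at the top of the summary are the ones to look up with `ipfw show`; removing the `log` keyword from those rules, or capping it with `logamount` or the `net.inet.ip.fw.verbose_limit` sysctl, quiets the report.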