Some ruleset-related questions
Mon, 11 Jun 2001 13:11:10 +0800
> my logs started to fill with log strings similar to this one: IN=ppp0
> OUT= MAC= SRC=188.8.131.52 DST=184.108.40.206 LEN=48 TOS=0x00 PREC=0x00 TTL=52
> ID=1607 DF PROTO-TCP SPT=80 DPT=49572 WINDOW=32120 RES=0x00 ACK SYN
The behaviour you mention looks like connections which have expired
(according to conntrack) but the other end doesn't know it yet. Certain
web servers do this, I got around the DNS one by ACCEPT'ing DNS
connections from my ISP's DNS.
> 2. Speaking of logging, I'm not quite sure what happens to the packets
> after they get logged via the LOG target
They continue their merry way until they are ACCEPT'ed, DROP'ped,
REJECT'ed or hit the end of the chain where the chain policy comes into
> 3. ipchains' log entries used to have a field which informed me which
> rule got the packet logged. Is there anything like that among netfilter's
> log data?
No you set this manually with --log-prefix "Blah: " on your LOG rule.
It would be nice to have some sort of thing like that though.
> 4. Last but not least: any comments regarding the ruleset
Not at the moment :)