(no subject)
Castro
btcal@earthlink.net
Wed, 20 Mar 2002 11:04:46 CST
First of all I have to apologize for the multiple messages.
Hi all!
I recently switched from ipchains to iptables. In addition I'm using
Logwatch. Iptables is working, but I have one problem with the logs.
After switching from ipchains to iptables-1.2.4-2 the logs went from
looking like this:
################## LogWatch 2.1.1 Begin #####################
---------------------- Kernel Begin ------------------------
Denied packets from adsl-129-44.wanadoo.be (213.177.129.44).
Port 0 (icmp,ppp0,input): 1 packet(s).
Total of 1 packet(s).
Denied packets from cliente-217216144065.cm128.conpb.supercable.es
(217.216.144.65).
Port ssh (tcp,ppp0,input): 12 packet(s).
Port 0 (tcp,ppp0,input): 12 packet(s).
Total of 24 packet(s).
---------------------- Kernel End -------------------------
to this:
---------------------- Kernel Begin -------------------------
1 Time(s): (ChabServ) IN=lo OUT=
MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00
SRC=10.0.0.1 DST=10.0.0.1 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=43345 DF
PROTO=TCP SPT=1975 DPT=23 WINDOW=32767 RES=0x00 SYN URGP=0
1 Time(s): (ChabServ) IN=lo OUT=
MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00
SRC=10.0.0.1 DST=10.0.0.1 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=43346 DF
PROTO=TCP SPT=1975 DPT=23 WINDOW=32767 RES=0x00 SYN URGP=0
1 Time(s): (ChabServ) IN=ppp0 OUT= MAC= SRC=80.62.11.69 DST=66.32.161.158
LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=49296 DF PROTO=TCP SPT=1868 DPT=1214
WINDOW=8192 RES=0x00 SYN URGP=0
3 Time(s): cdrom: This disc doesn't have any tracks I recognize!
The log entries just keep repeating themselves. It looks like a flood.
Here is a copy of the iptables script that I use:
#!/bin/bash
IPT="/sbin/iptables"
$IPT -F
$IPT -X firewall
$IPT -N firewall
$IPT -A firewall -j LOG --log-level info --log-prefix "Firewall:"
$IPT -A firewall -j DROP
$IPT -A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT
#Accept DNS, 'cause it's warm and friendly
$IPT -A INPUT -p udp --source-port 53 -j ACCEPT
$IPT -A INPUT -p tcp --source-port 113 -j ACCEPT
$IPT -A INPUT -p tcp --destination-port 113 -j ACCEPT
#$IPT -A INPUT -p tcp --destination-port 22 -j ACCEPT
$IPT -A INPUT -p icmp -j firewall
$IPT -A INPUT -p tcp --syn -j firewall
$IPT -A INPUT -p udp -j firewall
Thanks all
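
Added example, not part of the original message: the iptables LOG entries quoted above carry a per-packet ID field (43345 and 43346 on the two loopback entries), so otherwise identical packets never collapse into a single count. This Python code parses the KEY=value fields and groups packets by source, destination port, protocol and interface, in the style of the old ipchains summary. The function names and the "Logged packets" wording are assumptions; the sample lines are the message's own entries rejoined onto single lines.

```python
import re
from collections import Counter

# Entries from the message above, rejoined onto single lines (count prefix dropped).
TCP_LO = ("(ChabServ) IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 "
          "SRC=10.0.0.1 DST=10.0.0.1 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID={} DF "
          "PROTO=TCP SPT=1975 DPT=23 WINDOW=32767 RES=0x00 SYN URGP=0")
SAMPLE = [
    TCP_LO.format(43345),
    TCP_LO.format(43346),
    "(ChabServ) IN=ppp0 OUT= MAC= SRC=80.62.11.69 DST=66.32.161.158 LEN=48 "
    "TOS=0x00 PREC=0x00 TTL=114 ID=49296 DF PROTO=TCP SPT=1868 DPT=1214 "
    "WINDOW=8192 RES=0x00 SYN URGP=0",
    "cdrom: This disc doesn't have any tracks I recognize!",
]

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse(line):
    """Return the KEY=value fields of an iptables LOG line, or None for other kernel lines."""
    fields = dict(FIELD.findall(line))
    if not {"IN", "SRC", "PROTO"} <= fields.keys():
        return None
    return fields

def summarize(lines):
    """Count packets per (source, dest port, protocol, interface); ID, SPT etc. are ignored."""
    counts = Counter()
    for line in lines:
        f = parse(line)
        if f is not None:
            # ICMP entries have no DPT; report them as port 0 like the ipchains summary did.
            counts[(f["SRC"], int(f.get("DPT", 0)), f["PROTO"].lower(), f["IN"])] += 1
    return counts

def report(counts):
    """Render the counts grouped by source address."""
    by_src = {}
    for (src, port, proto, iface), n in sorted(counts.items()):
        by_src.setdefault(src, []).append((port, proto, iface, n))
    out = []
    for src, rows in by_src.items():
        out.append(f"Logged packets from {src}.")
        out += [f"  Port {p} ({pr},{i}): {n} packet(s)." for p, pr, i, n in rows]
        out.append(f"  Total of {sum(r[3] for r in rows)} packet(s).")
    return "\n".join(out)

if __name__ == "__main__":
    print(report(summarize(SAMPLE)))
```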