iptables leaking blocked ip addresses.

Jan Engelhardt jengelh at linux01.gwdg.de
Mon Jun 20 17:48:50 CEST 2005


>at the 2nd lines of defenses the following is seen:
>
>date and time is utc.
>
>2005-06-18 08:20:38.310864 IP 200.221.11.147.29937 >
>204.238.34.206.25: R 0:0(0) win 0

This looks to me like tcpdump output. As far as I understand, the "listener" 
(used by iptraf, tcpdump, etc.) listens before iptables does its work, so you 
always see packets, even those which are to be DROPped.

Take a client connected to eth2 and listen on the eth2 bus. There should not 
be anything.

>2005-06-18 08:35:33.035504 IP 200.221.11.147.9618 > 204.238.34.206.25:
>R 3184482893:3184482893(0) win 64240
>2005-06-18 09:12:47.772699 IP 200.221.11.147.37399 >
>204.238.34.206.25: R 0:0(0) win 0


Jan Engelhardt                                                               
--                                                                            
| Gesellschaft fuer Wissenschaftliche Datenverarbeitung Goettingen,
| Am Fassberg, 37077 Goettingen, www.gwdg.de
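
An added example, not part of the original message: one way to run the check suggested above is to capture on both the outside interface and eth2 and compare the two text captures. The function names, the `INSIDE` sample (constructed) and the assumption that no NAT sits between the two capture points are this example's own.

```python
import re

# tcpdump text format as quoted in the post, e.g.
# "2005-06-18 08:20:38.310864 IP 200.221.11.147.29937 > 204.238.34.206.25: R 0:0(0) win 0"
LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+ IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<flags>\S+)"
)

def flows(capture):
    """Return the set of (src, sport, dst, dport) tuples in a text capture."""
    found = set()
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if m:
            found.add((m["src"], int(m["sport"]), m["dst"], int(m["dport"])))
    return found

def leaked(outside_capture, inside_capture, blocked_sources):
    """Flows from blocked sources that appear on BOTH sides of the filter.

    A blocked source showing up only in the outside capture is expected:
    the capture tap sees the packet before the filter drops it.
    """
    both = flows(outside_capture) & flows(inside_capture)
    return sorted(f for f in both if f[0] in blocked_sources)

# Outside capture: the three lines quoted in the post (mail line wraps rejoined).
OUTSIDE = """\
2005-06-18 08:20:38.310864 IP 200.221.11.147.29937 > 204.238.34.206.25: R 0:0(0) win 0
2005-06-18 08:35:33.035504 IP 200.221.11.147.9618 > 204.238.34.206.25: R 3184482893:3184482893(0) win 64240
2005-06-18 09:12:47.772699 IP 200.221.11.147.37399 > 204.238.34.206.25: R 0:0(0) win 0
"""

# Inside (eth2) capture: constructed sample, one packet from an unblocked host.
INSIDE = """\
2005-06-18 08:21:02.000001 IP 192.0.2.10.40000 > 204.238.34.206.25: S 1000:1000(0) win 5840
"""

if __name__ == "__main__":
    hits = leaked(OUTSIDE, INSIDE, {"200.221.11.147"})
    print("blocked flows seen behind the filter:", hits or "none")
```

An empty result means the blocked address was visible only where the capture tap sits ahead of the filter, which is the behaviour the message describes.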


