[Firehol-support] dns?
Rick Marshall
rjm at zenucom.com
Wed May 4 03:29:42 BST 2005
hi,
i have a server in china that just gets hammered. so i thought i'd try
limiting access to three ip addresses only (it's part of our vpn so we
don't need or want general access to the machine)

interface eth1 inet src "${access_ip}"
    protection strong 100/sec 200
    policy reject
    server "${services}" accept
    client all accept

and access_ip is set up to be the ip addresses i want to allow in.
now it's logging these udp packets like crazy:

May 4 10:23:40 china kernel: OUT-unknown:IN= OUT=eth1 SRC=211.148.145.81 DST=216.239.53.9 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=26267 DF PROTO=UDP SPT=33008 DPT=53 LEN=42
May 4 10:23:42 china kernel: OUT-unknown:IN= OUT=eth1 SRC=211.148.145.81 DST=66.102.11.9 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=26268 DF PROTO=UDP SPT=33008 DPT=53 LEN=42
May 4 10:23:44 china kernel: OUT-unknown:IN= OUT=eth1 SRC=211.148.145.81 DST=203.134.64.66 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=26269 DF PROTO=UDP SPT=33008 DPT=53 LEN=42

what's really strange is no IN, out is the interface, and SRC is the
address on the interface.
does this mean anything and should i add something to my configuration?
other than this it seems fine.
thanks
rick
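
One way to read the kernel log lines quoted in the post, as an added example that is not part of the original message: it parses the netfilter LOG fields and groups entries by log prefix, direction, protocol and destination port. An empty IN= with OUT= set marks a packet generated by the host itself, and UDP to port 53 is DNS; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Log lines copied from the post above, each re-joined onto one line.
SAMPLE = """\
May 4 10:23:40 china kernel: OUT-unknown:IN= OUT=eth1 SRC=211.148.145.81 DST=216.239.53.9 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=26267 DF PROTO=UDP SPT=33008 DPT=53 LEN=42
May 4 10:23:42 china kernel: OUT-unknown:IN= OUT=eth1 SRC=211.148.145.81 DST=66.102.11.9 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=26268 DF PROTO=UDP SPT=33008 DPT=53 LEN=42
May 4 10:23:44 china kernel: OUT-unknown:IN= OUT=eth1 SRC=211.148.145.81 DST=203.134.64.66 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=26269 DF PROTO=UDP SPT=33008 DPT=53 LEN=42
"""

LINE_RE = re.compile(r"kernel: (?P<prefix>[^:]*):(?P<rest>IN=.*)$")

def parse_line(line):
    """Return the netfilter LOG fields of one syslog line, or None if it is not one."""
    m = LINE_RE.search(line)
    if not m:
        return None
    fields = {"PREFIX": m.group("prefix")}
    for token in m.group("rest").split():
        key, sep, value = token.partition("=")
        if not sep:
            fields.setdefault("FLAGS", []).append(key)  # bare flags such as DF
        elif key not in fields:
            fields[key] = value  # keep the first LEN (IP length); the second is the UDP length
    return fields

def direction(f):
    """Classify a parsed entry by which interface fields are filled in."""
    if f.get("IN") and f.get("OUT"):
        return "forwarded"
    return "local-out" if f.get("OUT") else "local-in"

def summarise(text):
    """Group entries by (prefix, direction, protocol, destination port)."""
    groups = defaultdict(lambda: {"count": 0, "dsts": set()})
    for line in text.splitlines():
        f = parse_line(line)
        if f is None:
            continue
        key = (f["PREFIX"], direction(f), f.get("PROTO"), f.get("DPT"))
        groups[key]["count"] += 1
        groups[key]["dsts"].add(f.get("DST"))
    return dict(groups)

if __name__ == "__main__":
    for key, g in summarise(SAMPLE).items():
        print(key, g["count"], sorted(g["dsts"]))
```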