Hi all:

I see a lot of these messages:

#########################

May 19 06:25:54 munin kernel: [3093836.996827] Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=48:5b:39:ac:1b:5e:00:12:da:a4:14:bf:08:00 SRC=77.247.156.58 DST=x.x.x.x LEN=76 TOS=0x00 PREC=0x00 TTL=53 ID=32900 PROTO=UDP SPT=51327 DPT=38 LEN=56
May 19 06:27:03 munin kernel: [3093906.026783] Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=48:5b:39:ac:1b:5e:00:12:da:a4:14:bf:08:00 SRC=77.247.156.58 DST=x.x.x.x LEN=76 TOS=0x00 PREC=0x00 TTL=53 ID=32901 PROTO=UDP SPT=51327 DPT=38 LEN=56
May 19 06:28:12 munin kernel: [3093975.060379] Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=48:5b:39:ac:1b:5e:00:12:da:a4:14:bf:08:00 SRC=77.247.156.58 DST=x.x.x.x LEN=76 TOS=0x00 PREC=0x00 TTL=53 ID=32902 PROTO=UDP SPT=51327 DPT=38 LEN=56

#########################

At the time of writing 3096 entries and counting...

I have filtered out my IP (DST=)

UDP 38 is unknown to me and /etc/services did not give me a clue either.

What's going on?

Thanks

- Øyvind
------------------------------------------------------------------------------
At 5/21/2013 12:12 PM, you wrote:
> Hi all:
>
> I see a lot of these messages:
>
> #########################
>
> May 19 06:25:54 munin kernel: [3093836.996827] Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=48:5b:39:ac:1b:5e:00:12:da:a4:14:bf:08:00 SRC=77.247.156.58 DST=x.x.x.x LEN=76 TOS=0x00 PREC=0x00 TTL=53 ID=32900 PROTO=UDP SPT=51327 DPT=38 LEN=56
> May 19 06:27:03 munin kernel: [3093906.026783] Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=48:5b:39:ac:1b:5e:00:12:da:a4:14:bf:08:00 SRC=77.247.156.58 DST=x.x.x.x LEN=76 TOS=0x00 PREC=0x00 TTL=53 ID=32901 PROTO=UDP SPT=51327 DPT=38 LEN=56
> May 19 06:28:12 munin kernel: [3093975.060379] Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=48:5b:39:ac:1b:5e:00:12:da:a4:14:bf:08:00 SRC=77.247.156.58 DST=x.x.x.x LEN=76 TOS=0x00 PREC=0x00 TTL=53 ID=32902 PROTO=UDP SPT=51327 DPT=38 LEN=56
>
> #########################
>
> At the time of writing 3096 entries and counting...
>
> I have filtered out my IP (DST=)
>
> UDP 38 is unknown to me and /etc/services did not give me a clue either.
>
> What's going on?
>
> Thanks
>
> - Øyvind

Port 38 is Route Access Protocol - RAP, and someone may be trying to add a route to your firewall.

Wayne
------------------------------------------------------------------------------
Hm, thanks.

# shorewall drop 77.247.156.58

I got tired of looking at 77.247.156.58 cluttering my log.

-----Original Message-----
From: Wayne S [mailto:linux@zuik.net]
Sent: 21 May 2013 19:36
To: Shorewall Users
Subject: Re: [Shorewall-users] UDP 38 - my log is flooded

At 5/21/2013 12:12 PM, you wrote:
> Hi all:
>
> I see a lot of these messages:
>
> #########################
>
> May 19 06:25:54 munin kernel: [3093836.996827] Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=48:5b:39:ac:1b:5e:00:12:da:a4:14:bf:08:00 SRC=77.247.156.58 DST=x.x.x.x LEN=76 TOS=0x00 PREC=0x00 TTL=53 ID=32900 PROTO=UDP SPT=51327 DPT=38 LEN=56
> May 19 06:27:03 munin kernel: [3093906.026783] Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=48:5b:39:ac:1b:5e:00:12:da:a4:14:bf:08:00 SRC=77.247.156.58 DST=x.x.x.x LEN=76 TOS=0x00 PREC=0x00 TTL=53 ID=32901 PROTO=UDP SPT=51327 DPT=38 LEN=56
> May 19 06:28:12 munin kernel: [3093975.060379] Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=48:5b:39:ac:1b:5e:00:12:da:a4:14:bf:08:00 SRC=77.247.156.58 DST=x.x.x.x LEN=76 TOS=0x00 PREC=0x00 TTL=53 ID=32902 PROTO=UDP SPT=51327 DPT=38 LEN=56
>
> #########################
>
> At the time of writing 3096 entries and counting...
>
> I have filtered out my IP (DST=)
>
> UDP 38 is unknown to me and /etc/services did not give me a clue either.
>
> What's going on?
>
> Thanks
>
> - Øyvind

Port 38 is Route Access Protocol - RAP, and someone may be trying to add a route to your firewall.

Wayne
------------------------------------------------------------------------------
On 05/21/2013 01:07 PM, Øyvind Lode wrote:
> Hm, thanks.
>
> # shorewall drop 77.247.156.58
>
> I got tired of looking at 77.247.156.58 cluttering my log.
>

Note that the dynamic blacklist does not survive a 'shorewall stop/start' sequence; it does survive a 'shorewall restart' when you are running later Shorewall versions.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
------------------------------------------------------------------------------
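Added example, not part of any poster's message: a small parser for the Shorewall-prefixed kernel log lines quoted in this thread that groups DROP entries by source, protocol and destination port, so a single noisy sender stands out before deciding what to blacklist. The names `parse_line`, `summarize` and the `L4LEN` key are hypothetical, the sample lines are rebuilt from the thread's three entries, and the year is assumed to be 2013 because syslog omits it.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: the three entries quoted in the thread, rebuilt from a template.
_T = ("May 19 {t} munin kernel: [{k}] Shorewall:net2fw:DROP:IN=eth0 OUT= "
      "MAC=48:5b:39:ac:1b:5e:00:12:da:a4:14:bf:08:00 SRC=77.247.156.58 DST=x.x.x.x "
      "LEN=76 TOS=0x00 PREC=0x00 TTL=53 ID={i} PROTO=UDP SPT=51327 DPT=38 LEN=56")
SAMPLE = [_T.format(t=t, k=k, i=i) for t, k, i in [
    ("06:25:54", "3093836.996827", 32900),
    ("06:27:03", "3093906.026783", 32901),
    ("06:28:12", "3093975.060379", 32902)]]

LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ kernel: \[\s*[\d.]+\] "
                     r"Shorewall:(?P<chain>[^:]+):(?P<disp>[^:]+):(?P<fields>.*)$")

def parse_line(line, year=2013):
    """Parse one Shorewall-prefixed netfilter LOG line; None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # syslog omits the year, so the caller supplies it (assumption: 2013).
    rec = {"ts": datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"),
           "chain": m["chain"], "disp": m["disp"]}
    for tok in m["fields"].split():
        key, sep, val = tok.partition("=")
        if not sep:                      # bare flags such as DF carry no value
            rec.setdefault("flags", []).append(key)
        elif key == "LEN" and "LEN" in rec:
            rec["L4LEN"] = val           # second LEN= is the UDP length, not the IP length
        else:
            rec[key] = val               # "OUT=" yields an empty string
    return rec

def summarize(lines, year=2013):
    """Group DROP entries by (SRC, PROTO, DPT), busiest first."""
    groups = defaultdict(list)
    for line in lines:
        rec = parse_line(line, year)
        if rec and rec["disp"] == "DROP":
            groups[(rec.get("SRC"), rec.get("PROTO"), rec.get("DPT"))].append(rec)
    rows = []
    for (src, proto, dpt), recs in groups.items():
        times = sorted(r["ts"] for r in recs)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        rows.append({"src": src, "proto": proto, "dpt": dpt, "count": len(recs),
                     "src_ports": sorted({r.get("SPT") for r in recs}),
                     "mean_gap_s": sum(gaps) / len(gaps) if gaps else None})
    return sorted(rows, key=lambda r: -r["count"])

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

On the thread's three entries this yields one group with a fixed source port and a steady gap between packets, which is the pattern of one repeating sender rather than many hosts.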