Hi!

I'm getting a lot of rejected UPNP in my log files. If I understand what is said about version 1.2.7, they shouldn't show in my logs. Is this an option that has to be activated?

/Peter

---
2/22/2002 - Shorewall 1.2.7 Released

In this version:
UPnP probes (UDP destination port 1900) are now silently dropped in the common chain
---

May 10 23:47:09 fw kernel: Shorewall:all2all:REJECT:IN=eth1 OUT= MAC=00:60:97:62:43:6c:00:60:08:56:d1:91:08:00 SRC=192.168.0.10 DST=192.168.0.1 LEN=160 TOS=0x00 PREC=0x00 TTL=128 ID=55393 PROTO=UDP SPT=1034 DPT=1900 LEN=140
May 10 23:47:09 fw kernel: Shorewall:all2all:REJECT:IN=eth1 OUT= MAC=00:60:97:62:43:6c:00:60:08:56:d1:91:08:00 SRC=192.168.0.10 DST=192.168.0.1 LEN=161 TOS=0x00 PREC=0x00 TTL=128 ID=55394 PROTO=UDP SPT=1034 DPT=1900 LEN=141
May 10 23:47:09 fw kernel: Shorewall:all2all:REJECT:IN=eth1 OUT= MAC=00:60:97:62:43:6c:00:60:08:56:d1:91:08:00 SRC=192.168.0.10 DST=192.168.0.1 LEN=160 TOS=0x00 PREC=0x00 TTL=128 ID=55403 PROTO=UDP SPT=1034 DPT=1900 LEN=140
May 10 23:47:09 fw kernel: Shorewall:all2all:REJECT:IN=eth1 OUT= MAC=00:60:97:62:43:6c:00:60:08:56:d1:91:08:00 SRC=192.168.0.10 DST=192.168.0.1 LEN=161 TOS=0x00 PREC=0x00 TTL=128 ID=55404 PROTO=UDP SPT=1034 DPT=1900 LEN=141

/Peter

On Fri, 10 May 2002, Peter Käll wrote:

> Hi!
>
> I'm getting a lot of rejected UPNP in my log files. If I understand what is
> said about version 1.2.7 they shouldn't show in my logs. Is this an option
> that has to be activated?
>

Dropping of UPNP is done in the common.def file -- if you previously created an /etc/common file from a pre-1.2.7 version of common.def, you need to manually update /etc/common to drop UPNP.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net

On Fri, 10 May 2002, Tom Eastep wrote:

>
> Dropping of UPNP is done in the common.def file -- if you previously
> created an /etc/common file from a pre-1.2.7 version of common.def, you
> need to manually update /etc/common to drop UPNP.
>

One way to avoid this problem in the future is as follows:

Rather than copying /etc/shorewall/common.def to /etc/shorewall/common and modifying that file (as the documentation instructs), create /etc/shorewall/common and on the first line place:

    . /etc/shorewall/common.def

That way changes to common.def will be applied automatically followed by any special rules that you want to add.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
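
An added example, not part of the thread and not Shorewall code: a shell check for the situation discussed above, telling a user common file that dot-sources common.def apart from a standalone copy that lacks the port 1900 rule, and counting the UPnP rejects per source in a log. The function names, the `example-rule` lines and the scratch files are assumptions made for the demonstration; only the log format is taken from the first message.

```shell
#!/bin/sh
# Added example; rule syntax in the sample files is placeholder text, not Shorewall's.

# Classify a user "common" file against the shipped common.def:
#   sources-def  dot-sources common.def, so upgraded rules are picked up
#   stale-copy   standalone copy with no port-1900 rule although common.def has one
#   standalone   standalone copy, no port-1900 difference found
common_status() {
    common=$1; def=$2
    port='(^|[^0-9])1900([^0-9]|$)'   # assumption: the UPnP rule names port 1900
    if sed 's/#.*//' "$common" |
        grep -Eq '^[[:space:]]*(\.|source)[[:space:]]+[^[:space:]]*common\.def([[:space:]]|$)'; then
        echo sources-def
    elif sed 's/#.*//' "$def" | grep -Eq "$port" &&
        ! sed 's/#.*//' "$common" | grep -Eq "$port"; then
        echo stale-copy
    else
        echo standalone
    fi
}

# Count Shorewall REJECT entries for UDP destination port 1900, per source address.
upnp_rejects() {
    awk '/Shorewall:[^ ]*:REJECT:/ && / PROTO=UDP / && / DPT=1900 / {
             for (i = 1; i <= NF; i++) if ($i ~ /^SRC=/) n[substr($i, 5)]++
         }
         END { for (s in n) print s, n[s] }' "$1"
}

# Constructed sample files in a scratch directory.
demo_dir=$(mktemp -d)
echo 'example-rule udp 1900 DROP' > "$demo_dir/common.def"
echo 'example-rule udp 137 DROP' > "$demo_dir/common.old"
printf '%s\n' ". $demo_dir/common.def" 'example-rule tcp 113 REJECT' > "$demo_dir/common.new"
# Two entries copied from the first message, plus one constructed non-UPnP entry.
cat > "$demo_dir/messages" <<'EOF'
May 10 23:47:09 fw kernel: Shorewall:all2all:REJECT:IN=eth1 OUT= MAC=00:60:97:62:43:6c:00:60:08:56:d1:91:08:00 SRC=192.168.0.10 DST=192.168.0.1 LEN=160 TOS=0x00 PREC=0x00 TTL=128 ID=55393 PROTO=UDP SPT=1034 DPT=1900 LEN=140
May 10 23:47:09 fw kernel: Shorewall:all2all:REJECT:IN=eth1 OUT= MAC=00:60:97:62:43:6c:00:60:08:56:d1:91:08:00 SRC=192.168.0.10 DST=192.168.0.1 LEN=161 TOS=0x00 PREC=0x00 TTL=128 ID=55394 PROTO=UDP SPT=1034 DPT=1900 LEN=141
May 10 23:47:10 fw kernel: Shorewall:all2all:REJECT:IN=eth1 OUT= MAC=00:60:97:62:43:6c:00:60:08:56:d1:91:08:00 SRC=192.168.0.11 DST=192.168.0.1 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=55500 PROTO=UDP SPT=137 DPT=137 LEN=58
EOF

for f in common.old common.new; do
    echo "$f: $(common_status "$demo_dir/$f" "$demo_dir/common.def")"
done
upnp_rejects "$demo_dir/messages"
```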