Old 06-24-2012, 12:35 PM
Reindl Harald
 
Default F17: iptables logging "--log-prefix" in dmesg?

On 24.06.2012 14:15, Michael Schwendt wrote:
> On Sun, 24 Jun 2012 14:03:08 +0200, Reindl Harald wrote:
>
>> what is this in dmesg?
>> why is "--log-prefix" here logged instead of the --log-prefix from whatever rule it was?
>>
>> --log-prefixIN=eth1 OUT= MAC=00:50:8d:b5:cc:de:00:01:5c:24:68:01:08:00 SRC=120.89.73.74 DST=84.113.45.179 LEN=60
>> TOS=0x00 PREC=0x00 TTL=51 ID=58168 DF PROTO=TCP SPT=39903 DPT=19 WINDOW=5840 RES=0x00 SYN URGP=0
>>
>> is this more likely a kernel-bug or rsyslog?
>
> What does "iptables-save|grep log-prefix" tell?
> And is it reproducible after "iptables-save|iptables-restore"?

this is VERY strange!
_____________________________

after a reboot without calling my firewall-script building all iptables-rules
from scratch with iptables-commands

[root@srv-rhsoft:~]$ /sbin/iptables --list --numeric --verbose | grep prefix
0 0 LOG udp -- eth1 * !91.118.73.0/24 0.0.0.0/0 state NEW recent: UPDATE seconds: 2 hit_count: 70 name: udpflood side: source limit: avg 1/min burst 5 LOG flags 0 level 7 prefix "--log-prefix"
0 0 LOG tcp -- eth1 * !91.118.73.0/24 0.0.0.0/0 state NEW recent: UPDATE seconds: 2 hit_count: 150 name: DEFAULT side: source limit: avg 1/min burst 5 LOG flags 0 level 7 prefix "--log-prefix"
0 0 LOG udp -- eth0 * !192.168.2.0/24 0.0.0.0/0 state NEW recent: UPDATE seconds: 2 hit_count: 70 name: udpflood side: source limit: avg 1/min burst 5 LOG flags 0 level 7 prefix "--log-prefix"
0 0 LOG tcp -- eth0 * !192.168.2.0/24 0.0.0.0/0 state NEW recent: UPDATE seconds: 2 hit_count: 150 name: DEFAULT side: source limit: avg 1/min burst 5 LOG flags 0 level 7 prefix "--log-prefix"
5 300 LOG tcp -- !lo * !192.168.2.0/24 0.0.0.0/0 multiport dports 19,24,52,79,109,142,442,464,548,586,631,992,994,3305 limit: avg 10/hour burst 5 LOG flags 0 level 7 prefix "--log-prefix"
_____________________________

after calling my "iptables.sh" all is fine NOW

[root@srv-rhsoft:~]$ /sbin/iptables --list --numeric --verbose | grep prefix
0 0 LOG udp -- eth1 * !91.118.73.0/24 0.0.0.0/0 state NEW recent: UPDATE seconds: 2 hit_count: 70 name: udpflood side: source limit: avg 1/min burst 5 LOG flags 0 level 7 prefix "Firewall Rate-Control: "
0 0 LOG tcp -- eth1 * !91.118.73.0/24 0.0.0.0/0 state NEW recent: UPDATE seconds: 2 hit_count: 150 name: DEFAULT side: source limit: avg 1/min burst 5 LOG flags 0 level 7 prefix "Firewall Rate-Control: "
0 0 LOG udp -- eth0 * !192.168.2.0/24 0.0.0.0/0 state NEW recent: UPDATE seconds: 2 hit_count: 70 name: udpflood side: source limit: avg 1/min burst 5 LOG flags 0 level 7 prefix "Firewall Rate-Control: "
0 0 LOG tcp -- eth0 * !192.168.2.0/24 0.0.0.0/0 state NEW recent: UPDATE seconds: 2 hit_count: 150 name: DEFAULT side: source limit: avg 1/min burst 5 LOG flags 0 level 7 prefix "Firewall Rate-Control: "
0 0 LOG tcp -- !lo * !192.168.2.0/24 0.0.0.0/0 multiport dports 19,24,52,79,109,142,442,464,548,586,631,992,994,3305 limit: avg 10/hour burst 5 LOG flags 0 level 7 prefix "Firewall Portscan: "
_____________________________

looks also like iptables-save works as expected

so i have not really an idea what is happening and at which point
it gets damaged - but since we are speaking about the firewall
i am a little bit nervous

[root@srv-rhsoft:~]$ iptables-save|grep log-prefix
-A INPUT ! -s 91.118.73.0/24 -i eth1 -p udp -m state --state NEW -m recent --update --seconds 2 --hitcount 70 --name udpflood --rsource -m limit --limit 1/min -j LOG --log-prefix "Firewall Rate-Control: " --log-level 7
-A INPUT ! -s 91.118.73.0/24 -i eth1 -p tcp -m state --state NEW -m recent --update --seconds 2 --hitcount 150 --name DEFAULT --rsource -m limit --limit 1/min -j LOG --log-prefix "Firewall Rate-Control: " --log-level 7
-A INPUT ! -s 192.168.2.0/24 -i eth0 -p udp -m state --state NEW -m recent --update --seconds 2 --hitcount 70 --name udpflood --rsource -m limit --limit 1/min -j LOG --log-prefix "Firewall Rate-Control: " --log-level 7
-A INPUT ! -s 192.168.2.0/24 -i eth0 -p tcp -m state --state NEW -m recent --update --seconds 2 --hitcount 150 --name DEFAULT --rsource -m limit --limit 1/min -j LOG --log-prefix "Firewall Rate-Control: " --log-level 7
-A INPUT ! -s 192.168.2.0/24 ! -i lo -p tcp -m multiport --dports 19,24,52,79,109,142,442,464,548,586,631,992,994,3305 -m limit --limit 10/hour -j LOG --log-prefix "Firewall Portscan: " --log-level 7
_____________________________




--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 06-30-2012, 06:37 PM
Reindl Harald
 
Default F17: iptables logging "--log-prefix" in dmesg?

On 24.06.2012 14:15, Michael Schwendt wrote:
> On Sun, 24 Jun 2012 14:03:08 +0200, Reindl Harald wrote:
>
>> what is this in dmesg?
>> why is "--log-prefix" here logged instead of the --log-prefix from whatever rule it was?
>>
>> --log-prefixIN=eth1 OUT= MAC=00:50:8d:b5:cc:de:00:01:5c:24:68:01:08:00 SRC=120.89.73.74 DST=84.113.45.179 LEN=60
>> TOS=0x00 PREC=0x00 TTL=51 ID=58168 DF PROTO=TCP SPT=39903 DPT=19 WINDOW=5840 RES=0x00 SYN URGP=0
>>
>> is this more likely a kernel-bug or rsyslog?
>
> What does "iptables-save|grep log-prefix" tell?
> And is it reproducible after "iptables-save|iptables-restore"?

since this happens all the time after reboot on different machines with rules
like this: https://bugzilla.redhat.com/show_bug.cgi?id=836738

 
Old 07-02-2012, 01:42 AM
Bill Davidsen
 
Default F17: iptables logging "--log-prefix" in dmesg?

Reindl Harald wrote:
> what is this in dmesg?
> why is "--log-prefix" here logged instead of the --log-prefix from whatever rule it was?
>
> --log-prefixIN=eth1 OUT= MAC=00:50:8d:b5:cc:de:00:01:5c:24:68:01:08:00 SRC=120.89.73.74 DST=84.113.45.179 LEN=60
> TOS=0x00 PREC=0x00 TTL=51 ID=58168 DF PROTO=TCP SPT=39903 DPT=19 WINDOW=5840 RES=0x00 SYN URGP=0
>
> is this more likely a kernel-bug or rsyslog?

Don't see it here unless I make a mistake and type "--log-prefix" twice on the
command line.



--
Bill Davidsen <davidsen@tmr.com>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot


 
Old 07-02-2012, 08:15 AM
Michael Schwendt
 
Default F17: iptables logging "--log-prefix" in dmesg?

On Sun, 01 Jul 2012 21:42:28 -0400, Bill Davidsen wrote:

> Reindl Harald wrote:
> > what is this in dmesg?
> > why is "--log-prefix" here logged instead of the --log-prefix from whatever rule it was?
> >
> > --log-prefixIN=eth1 OUT= MAC=00:50:8d:b5:cc:de:00:01:5c:24:68:01:08:00 SRC=120.89.73.74 DST=84.113.45.179 LEN=60
> > TOS=0x00 PREC=0x00 TTL=51 ID=58168 DF PROTO=TCP SPT=39903 DPT=19 WINDOW=5840 RES=0x00 SYN URGP=0
> >
> > is this more likely a kernel-bug or rsyslog?
> >
> Don't see it here unless I make a mistake and type "--log-prefix" twice on the
> command line.

It's real -> https://bugzilla.redhat.com/825796
and apparently not limited to --log-prefix.

--
Fedora release 17 (Beefy Miracle) - Linux 3.4.4-3.fc17.x86_64
loadavg: 0.67 0.42 0.22
 
Old 07-02-2012, 05:48 PM
Bill Davidsen
 
Default F17: iptables logging "--log-prefix" in dmesg?

Michael Schwendt wrote:
> On Sun, 01 Jul 2012 21:42:28 -0400, Bill Davidsen wrote:
>
>> Reindl Harald wrote:
>>> what is this in dmesg?
>>> why is "--log-prefix" here logged instead of the --log-prefix from whatever rule it was?
>>>
>>> --log-prefixIN=eth1 OUT= MAC=00:50:8d:b5:cc:de:00:01:5c:24:68:01:08:00 SRC=120.89.73.74 DST=84.113.45.179 LEN=60
>>> TOS=0x00 PREC=0x00 TTL=51 ID=58168 DF PROTO=TCP SPT=39903 DPT=19 WINDOW=5840 RES=0x00 SYN URGP=0
>>>
>>> is this more likely a kernel-bug or rsyslog?
>>
>> Don't see it here unless I make a mistake and type "--log-prefix" twice on the
>> command line.
>
> It's real -> https://bugzilla.redhat.com/825796
> and apparently not limited to --log-prefix.

It is, and I know why I haven't seen it, it's in restore, so my attempt to make
a change and view with iptables, or save, didn't show it.


Thanks for the pointer.

--
Bill Davidsen <davidsen@tmr.com>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
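
A post-boot check for the symptom shown in this thread, as an added example that is not part of any post or of the iptables project: it reads `iptables --list --numeric --verbose` output and flags LOG rules whose prefix is not one the firewall script sets. The expected prefixes are the two from the thread's listing, the sample listings are constructed, and the double-quoted `prefix "..."` form is assumed from the output quoted above.

```shell
#!/bin/sh
# Prefixes the firewall script is supposed to set, separated by ';'
# (values from the thread's listing; adjust to your own rules).
EXPECTED_PREFIXES='Firewall Rate-Control: ;Firewall Portscan: '

# check_log_prefixes: reads a rule listing on stdin, prints one line per LOG
# rule with an unexpected prefix, and returns 1 if any was found.
# Real use: /sbin/iptables --list --numeric --verbose | check_log_prefixes
check_log_prefixes() {
    awk -v expected="$EXPECTED_PREFIXES" '
        BEGIN { n = split(expected, e, ";"); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
        / LOG / && match($0, /prefix "[^"]*"/) {
            # strip the leading 8 chars (prefix ") and the closing quote
            p = substr($0, RSTART + 8, RLENGTH - 9)
            if (p in ok) next
            # a prefix that looks like an option name is the symptom from the thread
            kind = (p ~ /^--/) ? "OPTION-NAME-AS-PREFIX" : "UNEXPECTED-PREFIX"
            printf "%s line %d: \"%s\"\n", kind, NR, p
            bad++
        }
        END { exit (bad > 0) }
    '
}

# Constructed sample listings modelled on the thread (not captured output).
sample_after_restore() {
    cat <<'EOF'
0 0 LOG udp -- eth1 * !91.118.73.0/24 0.0.0.0/0 state NEW limit: avg 1/min burst 5 LOG flags 0 level 7 prefix "--log-prefix"
5 300 LOG tcp -- !lo * !192.168.2.0/24 0.0.0.0/0 multiport dports 19,79 limit: avg 10/hour burst 5 LOG flags 0 level 7 prefix "--log-prefix"
EOF
}

sample_after_script() {
    cat <<'EOF'
0 0 LOG udp -- eth1 * !91.118.73.0/24 0.0.0.0/0 state NEW limit: avg 1/min burst 5 LOG flags 0 level 7 prefix "Firewall Rate-Control: "
0 0 LOG tcp -- !lo * !192.168.2.0/24 0.0.0.0/0 multiport dports 19,79 limit: avg 10/hour burst 5 LOG flags 0 level 7 prefix "Firewall Portscan: "
EOF
}

# Demo on the constructed "after restore" listing.
if ! sample_after_restore | check_log_prefixes; then
    echo "LOG prefixes differ from the firewall script; reload the rules" >&2
fi
```
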


 