[squid-users] Packets logged as blocked even Firewall (IPtables) accepts them ...

Walter H. walter.h at mathemainzel.info
Wed Jul 19 09:16:30 UTC 2017


On Wed, July 19, 2017 03:21, Amos Jeffries wrote:
> On 19/07/17 01:37, Walter H. wrote:
>> On Tue, July 18, 2017 15:28, Matus UHLAR - fantomas wrote:
>>> On 18.07.17 14:29, Walter H. wrote:
>>>> -A INPUT -i br0 -m state --state ESTABLISHED,RELATED -j ACCEPT
>>>
>>>> -A INPUT -i br0 -m tcp -p tcp --dport 3128 -m state --state NEW -j ACCEPT
>>>
>>>> -A INPUT -j LOG --log-prefix "IP[IN]: " --log-level 7
>>>
>>>> [17-Jul-2017; 19:49:13.590130] IP[IN]: IN=br0 OUT=
>>>> MAC=24:01:00:00:01:24:24:00:08:01:05:24:08:00 SRC=192.168.0.10
>>>> DST=192.168.0.1 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP
>>>> SPT=54916 DPT=3128 WINDOW=0 RES=0x00 RST URGP=0
>>>
>>> it's a RST packet, apparently for a connection that was already closed
>>> and thus is not ESTABLISHED,RELATED nor NEW
>>>
>>> logging state INVALID could explain
>>
>> how would I do this?
>
>
> Add this line in your iptables config above the generic log ones:
>
>   -A INPUT -i br0 -m state --state INVALID -j LOG --log-prefix "IP[IN] INVALID]: " --log-level 7

I added these rules, and will see which packets are caught

-A INPUT -m state --state INVALID -j LOG --log-prefix "IP[IN(invalid)]: " --log-level 7
-A FORWARD -m state --state INVALID -j LOG --log-prefix "IP[FWD(invalid)]: " --log-level 7
-A OUTPUT -m state --state INVALID -j LOG --log-prefix "IP[OUT(invalid)]: " --log-level 7

and not by these after:

-A INPUT -j LOG --log-prefix "IP[IN]: " --log-level 7
-A FORWARD -j LOG --log-prefix "IP[FWD]: " --log-level 7
-A OUTPUT -j LOG --log-prefix "IP[OUT]: " --log-level 7
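As an added example (not part of this thread or of Squid), a small Python parser for the kernel LOG lines quoted above: it separates the --log-prefix text from the KEY=VALUE fields and the bare TCP flags, and marks a SYN-less RST as the kind of packet conntrack classifies INVALID, which is why it fell past the ESTABLISHED,RELATED and NEW rules to the generic IP[IN] LOG rule. The sample lines are constructed from the logged packet in the thread; the second one carries the IP[IN(invalid)] prefix of the rule added in this message.

```python
import re
from typing import Any, Dict, Set

# Constructed sample lines in the format of the kernel LOG output quoted in the
# thread: the RST packet caught by the generic "IP[IN]: " rule, and the same
# packet as it would appear once the "--state INVALID" rule logs it first.
SAMPLE_LOGS = [
    "[17-Jul-2017; 19:49:13.590130] IP[IN]: IN=br0 OUT= "
    "MAC=24:01:00:00:01:24:24:00:08:01:05:24:08:00 SRC=192.168.0.10 "
    "DST=192.168.0.1 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP "
    "SPT=54916 DPT=3128 WINDOW=0 RES=0x00 RST URGP=0",
    "[17-Jul-2017; 19:50:01.000001] IP[IN(invalid)]: IN=br0 OUT= "
    "SRC=192.168.0.10 DST=192.168.0.1 LEN=40 TOS=0x00 PREC=0x00 TTL=64 "
    "ID=0 DF PROTO=TCP SPT=54916 DPT=3128 WINDOW=0 RES=0x00 RST URGP=0",
]

TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "CWR", "ECE"}

# Optional leading "[timestamp]", then the --log-prefix text up to the first
# "IN=" field; the lookahead keeps an "IN]" inside a prefix from matching.
_HEAD = re.compile(r"^(?:\[[^\]]*\]\s*)?(?P<prefix>.*?)\s*(?=\bIN=)")


def parse_log(line: str) -> Dict[str, Any]:
    """Split a netfilter LOG line into prefix, KEY=VALUE fields and bare flags."""
    m = _HEAD.match(line)
    if not m:
        raise ValueError("not a netfilter LOG line: %r" % line)
    fields: Dict[str, str] = {}
    bare: Set[str] = set()  # tokens without "=": DF, SYN, ACK, RST, ...
    for tok in line[m.end():].split():
        if "=" in tok:
            key, val = tok.split("=", 1)  # "OUT=" yields an empty value
            fields[key] = val
        else:
            bare.add(tok)
    return {"prefix": m.group("prefix"), "fields": fields,
            "bare_flags": bare, "tcp_flags": bare & TCP_FLAGS}


def likely_invalid(entry: Dict[str, Any]) -> bool:
    """RST without SYN: when conntrack has no entry for the 4-tuple (the
    connection was already closed) the packet is INVALID, so it matches
    neither the ESTABLISHED,RELATED rule nor the NEW rule."""
    flags = entry["tcp_flags"]
    return (entry["fields"].get("PROTO") == "TCP"
            and "RST" in flags and "SYN" not in flags)
```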
