[squid-users] Packets logged as blocked even Firewall (IPtables) accepts them ...
Amos Jeffries
squid3 at treenet.co.nz
Wed Jul 19 01:21:19 UTC 2017
On 19/07/17 01:37, Walter H. wrote:
> On Tue, July 18, 2017 15:28, Matus UHLAR - fantomas wrote:
>> On 18.07.17 14:29, Walter H. wrote:
>>> -A INPUT -i br0 -m state --state ESTABLISHED,RELATED -j ACCEPT
>>
>>> -A INPUT -i br0 -m tcp -p tcp --dport 3128 -m state --state NEW -j ACCEPT
>>
>>> -A INPUT -j LOG --log-prefix "IP[IN]: " --log-level 7
>>
>>> [17-Jul-2017; 19:49:13.590130] IP[IN]: IN=br0 OUT=
>>> MAC=24:01:00:00:01:24:24:00:08:01:05:24:08:00 SRC=192.168.0.10
>>> DST=192.168.0.1 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP
>>> SPT=54916 DPT=3128 WINDOW=0 RES=0x00 RST URGP=0
>>
>> it's a RST packet, apparently for connection that was already closed and
>> thus is not ESTABLISHED,RELATED nor NEW
>>
>> logging state INVALID could explain
>
> how would I do this?
Add this line in your iptables config above the generic log ones:
-A INPUT -i br0 -m state --state INVALID -j LOG --log-prefix "IP[IN]
INVALID]: " --log-level 7
(If you are newbie with iptables or not having a major 'Doh!' moment
reading the above config line, then I suggest you find some tutorials
and read up about using netfilter / iptables some starters can be found
at <http://netfilter.org/documentation/index.html>. You are likely to
find out a lot of little tips and tricks that are useful way beyond this
specific question and answers).
PS. This thread seems to have nothing to do with Squid.
<http://netfilter.org/mailinglists.html#ml-user> would be a more
appropriate place to seek this type of help in future.
Amos
More information about the squid-users
mailing list