From: Tanstaafl
Date: Fri, 16 Dec 2011 10:17:33 -0500
To: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] iptables question...
List-Id: Gentoo Linux mail <gentoo-user@lists.gentoo.org>
Message-ID: <4EEB610D.9050309@libertytrek.org>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20111105 Thunderbird/8.0

Hi all,

I was reading up on some iptables rules in the gentoo security handbook:

http://www.gentoo.org/doc/en/security/security-handbook.xml?part=1&chap=12&style=printable

It mentions DROPing packets with an INVALID state. It sounded/sounds like a good idea, so I added the following rule:

-A INPUT -i eth0 -m state --state INVALID -j LOG

As suggested, I added this rule just ABOVE this one:

-A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

I also changed the DROP action to LOG so I could see what it did, if anything.

Right after adding this rule, I started seeing lines like this in the log:

Dec 16 10:15:31 myhost kernel: IN=eth0 OUT= MAC=00:e0:81:54:9c:8a:00:90:7f:86:a8:c0:08:00 SRC=208.87.137.233 DST=192.168.1.252 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=50113 DPT=25 WINDOW=0 RES=0x00 RST URGP=0

What I don't understand is why it isn't using my LOG prefix that is used for everything else:

-A INPUT -j LOG --log-prefix "(>fw-drop): " --log-level 7

Anyone?
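Two things a practitioner would want to check when reading lines like the one above. First, `--log-prefix` is a per-rule option of the LOG target: the INVALID rule as posted has no `--log-prefix`, so its lines carry none, while the catch-all `-A INPUT -j LOG --log-prefix "(>fw-drop): "` rule prefixes only the packets that reach it. Second, the logged packet is a bare TCP RST to port 25; conntrack treats a RST (and most other non-SYN segments) that matches no tracked connection as INVALID, which is the usual explanation for a reset arriving after the firewall has forgotten an SMTP connection, or an unsolicited one. The parser below, written for this post and not part of the original message or of any Gentoo documentation, splits netfilter LOG lines into prefix, KEY=VALUE fields and bare flag tokens, groups entries by prefix so unprefixed ones stand out, and gives a best-effort reason for the INVALID classification of TCP entries. The first sample line is the one quoted in the post; the second is constructed (203.0.113.9 is a documentation address, the prefix is the poster's).

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: line 1 is quoted from the post, line 2 is an
# invented entry from the prefixed catch-all LOG rule (documentation address).
SAMPLE_LOG = """\
Dec 16 10:15:31 myhost kernel: IN=eth0 OUT= MAC=00:e0:81:54:9c:8a:00:90:7f:86:a8:c0:08:00 SRC=208.87.137.233 DST=192.168.1.252 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=50113 DPT=25 WINDOW=0 RES=0x00 RST URGP=0
Dec 16 10:16:02 myhost kernel: (>fw-drop): IN=eth0 OUT= MAC=00:e0:81:54:9c:8a:00:90:7f:86:a8:c0:08:00 SRC=203.0.113.9 DST=192.168.1.252 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=12345 DF PROTO=TCP SPT=44321 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
"""

# syslog-style "Mon DD HH:MM:SS host kernel: [optional uptime] rest"
SYSLOG_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) kernel: (?:\[\s*\d+\.\d+\] )?(.*)$"
)
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "CWR", "ECE"}


@dataclass
class NfLogEntry:
    timestamp: str
    host: str
    prefix: str  # text between "kernel: " and "IN="; "" if the rule had no --log-prefix
    fields: dict = field(default_factory=dict)  # KEY=VALUE tokens ("OUT=" gives "")
    flags: set = field(default_factory=set)     # bare tokens such as DF, SYN, RST


def parse_nflog_line(line: str):
    """Parse one netfilter LOG line; return None for lines that are not LOG output."""
    m = SYSLOG_RE.match(line.rstrip("\n"))
    if not m:
        return None
    ts, host, rest = m.groups()
    start = rest.find("IN=")  # every LOG line starts its packet dump with IN=
    if start < 0:
        return None
    entry = NfLogEntry(ts, host, rest[:start].strip())
    for tok in rest[start:].split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            entry.fields[key] = value
        else:
            entry.flags.add(tok)
    return entry


def tcp_flags(entry: NfLogEntry) -> set:
    return entry.flags & TCP_FLAGS


def explain_invalid(entry: NfLogEntry) -> str:
    """Best-effort reason why conntrack would call this packet INVALID.

    Only what can be read off a LOG line is used; anything else is reported
    as undetermined rather than guessed.
    """
    if entry.fields.get("PROTO") != "TCP":
        return "non-TCP packet: not determinable from the LOG line alone"
    flags = tcp_flags(entry)
    if flags in ({"RST"}, {"RST", "ACK"}):
        return ("TCP RST with no conntrack entry for the flow (late reset for a "
                "connection the firewall no longer tracks, or an unsolicited RST)")
    if flags == {"SYN"}:
        return "bare SYN: a NEW connection attempt, not normally INVALID"
    if not flags:
        return "TCP segment with no flags set: malformed"
    return f"TCP flags {sorted(flags)} with no matching conntrack entry"


def group_by_prefix(log_text: str) -> dict:
    """Map each log prefix ("" for rules without --log-prefix) to its entries."""
    groups = {}
    for line in log_text.splitlines():
        entry = parse_nflog_line(line)
        if entry is not None:
            groups.setdefault(entry.prefix, []).append(entry)
    return groups


if __name__ == "__main__":
    for prefix, entries in group_by_prefix(SAMPLE_LOG).items():
        label = repr(prefix) if prefix else "(no --log-prefix on this rule)"
        print(f"prefix {label}: {len(entries)} entries")
        for e in entries:
            f = e.fields
            print(f"  {f['SRC']}:{f.get('SPT')} -> {f['DST']}:{f.get('DPT')} "
                  f"{f.get('PROTO')} {sorted(tcp_flags(e))}: {explain_invalid(e)}")
```

Entries whose prefix is empty came from a LOG rule without `--log-prefix`; adding one to the INVALID rule (for example `--log-prefix "(>fw-invalid): "`) keeps them distinguishable from the catch-all drops and lets the grouping above do the sorting.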