[Firewall] add save tcp port to AIF:UNPRIV TCP

Arno van Amersfoort arnova at rocky.eld.leidenuniv.nl
Sat Apr 13 13:05:23 CEST 2013


You just want to get rid of the log messages, right?

Just use DENY_TCP_NOLOG & DENY_UDP_NOLOG then....

a.


On 10-Apr-13 22:04, Michel van Dop wrote:
> Hello,
>
> How can I remove 2 tcp ports from the unpriv tcp range ports?
>
> I get many log rules like this:
> AIF:UNPRIV TCP packet: IN=eth0 OUT=
> MAC=00:0c:29:19:39:be:00:03:fe:a0:xx:xx:xx:xx SRC=217.123.3.113
> DST=82.94.xx.xx LEN=52 TOS=0x00 PREC=0x00 TTL=121 ID=2037 DF PROTO=TCP
> SPT=50463 DPT=2197 WINDOW=8192 RES=0x00 SYN URGP=0
>
> I have a web application that runs on two unknown TCP ports, 2197 and 2199.
>
> And I have already used this: IDS_EXCLUDE_TCP="2199 2197"
>
> Best regards,
> Michel
>
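An added example, not part of the original thread or of the firewall project's code: before silencing ports with DENY_TCP_NOLOG, it helps to see which destination ports actually produce the `AIF:UNPRIV TCP` entries and from how many sources. The sketch below parses log lines in the format quoted in the question and prints a candidate setting. The function names, the syslog timestamp/host prefix, the sample addresses and the hit threshold are assumptions, as is the space-separated value, which follows the IDS_EXCLUDE_TCP line in the question.

```python
import re
from collections import defaultdict

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")         # KEY=value pairs; bare flags (DF, SYN) are skipped
PREFIX = re.compile(r"(AIF:[^:]*?) packet:")    # e.g. "AIF:UNPRIV TCP packet:"

# Constructed sample log (documentation addresses), same layout as the line in the question.
_T = ("Apr 10 22:0{n}:01 fw kernel: AIF:UNPRIV TCP packet: IN=eth0 OUT= "
      "MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC={src} DST=192.0.2.10 LEN=52 "
      "TOS=0x00 PREC=0x00 TTL=121 ID=2037 DF PROTO=TCP SPT=50463 DPT={dpt} "
      "WINDOW=8192 RES=0x00 SYN URGP=0")
_HITS = [("198.51.100.7", 2197), ("198.51.100.7", 2197), ("203.0.113.9", 2197),
         ("198.51.100.7", 2199), ("198.51.100.7", 2199), ("203.0.113.9", 8080)]
SAMPLE_LOG = "\n".join(
    [_T.format(n=i, src=s, dpt=d) for i, (s, d) in enumerate(_HITS)]
    + ["Apr 10 22:09:01 fw sshd[411]: Connection closed by 198.51.100.7",      # unrelated line
       "Apr 10 22:09:02 fw kernel: AIF:UNPRIV TCP packet: IN=eth0 OUT= SRC=198.51"])  # truncated

def parse_line(line):
    """Return (log prefix, field dict) for an AIF log line, or None for anything else."""
    m = PREFIX.search(line)
    if not m:
        return None
    return m.group(1), dict(FIELD.findall(line[m.end():]))

def summarize(log_text, prefix="AIF:UNPRIV TCP"):
    """Map destination port -> (hits, distinct sources) for one log prefix."""
    stats = defaultdict(lambda: {"hits": 0, "sources": set()})
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if not parsed or parsed[0] != prefix:
            continue
        fields = parsed[1]
        if not fields.get("DPT", "").isdigit():
            continue  # truncated line without a usable destination port
        entry = stats[int(fields["DPT"])]
        entry["hits"] += 1
        entry["sources"].add(fields.get("SRC", "?"))
    return {port: (s["hits"], len(s["sources"])) for port, s in stats.items()}

def nolog_candidates(summary, min_hits=2):
    """Format ports with at least min_hits entries as a DENY_TCP_NOLOG line for review."""
    ports = sorted(p for p, (hits, _) in summary.items() if hits >= min_hits)
    return 'DENY_TCP_NOLOG="%s"' % " ".join(map(str, ports))

if __name__ == "__main__":
    for port, (hits, sources) in sorted(summarize(SAMPLE_LOG).items()):
        print("DPT=%d hits=%d sources=%d" % (port, hits, sources))
    print(nolog_candidates(summarize(SAMPLE_LOG)))
```

Review the per-port source counts before copying the generated line into the configuration: a port hit by many unrelated sources is a different signal from one hit repeatedly by a single known client.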

