[Firewall] add save tcp port to AIF:UNPRIV TCP

Michel van Dop mvandop at xs4all.nl
Mon Apr 15 09:06:50 CEST 2013


 

yes, thank you!

Arno van Amersfoort schreef op 2013-04-13 13:05:


> You just want to get rid of the log messages, right?
> 
> Just use
DENY_TCP_NOLOG & DENY_UDP_NOLOG then....
> 
> a.
> 
> On 10-Apr-13
22:04, Michel van Dop wrote:
> 
>> Hello, How can i remove 2 tcp ports
from the unpriv tcp range ports? I get many log rules like this:
AIF:UNPRIV TCP packet: IN=eth0 OUT=
MAC=00:0c:29:19:39:be:00:03:fe:a0:xx:xx:xx:xx SRC=217.123.3.113
DST=82.94.xx.xx LEN=52 TOS=0x00 PREC=0x00 TTL=121 ID=2037 DF PROTO=TCP
SPT=50463 DPT=2197 WINDOW=8192 RES=0x00 SYN URGP=0 I have a web
application runs on to unknow TCP port 2197 and 2199. And i have already
use this IDS_EXCLUDE_TCP="2199 2197" Best regards, Michel --
_______________________________________________ Firewall mailing list
Firewall at rocky.eld.leidenuniv.nl
http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall [1] Arno's
(Linux IPTABLES Firewall) Homepage: http://rocky.eld.leidenuniv.nl [2]
>

> _______________________________________________
> Firewall mailing
list
> Firewall at rocky.eld.leidenuniv.nl
>
http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall [1]
> Arno's
(Linux IPTABLES Firewall) Homepage:
> http://rocky.eld.leidenuniv.nl
[2]

-- 

 

Links:
------
[1]
http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
[2]
http://rocky.eld.leidenuniv.nl
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://rocky.eld.leidenuniv.nl/pipermail/firewall/attachments/20130415/d91aa8ee/attachment.html>


More information about the Firewall mailing list