[Firewall] DENY_UDP_NOLOG

Daniel Weidner hallo at danielweidner.de
Wed Jan 15 12:13:20 CET 2014


Hi,

I have set up arno-iptables-firewall on a Raspberry Pi which is connected 
to a Fritz!Box. I basically use the default configuration provided by 
the Debian package:

EXT_IF="eth0 wlan0"
EXT_IF_DHCP_IP=1
OPEN_TCP="22 25 80 443 993 995 9981 9982" # Ports 9981 and 9982 are used by tvheadend for htsp
OPEN_UDP="53"
INT_IF=""
NAT=0
INTERNAL_NET=""
NAT_INTERNAL_NET=""
OPEN_ICMP=1

Everything seems to work fine so far. However, in 
/var/log/arno-iptables-firewall I regularly receive entries for UDP 
packets, e.g.:

Jan 15 11:19:09 raspi kernel: [147839.674114] AIF:PRIV UDP packet: IN=eth0 OUT= MAC=... SRC=192.168.178.1 DST=192.168.178.255 LEN=96 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=137 DPT=137 LEN=76

Jan 15 11:20:06 raspi kernel: [147897.219020] AIF:PRIV UDP packet: IN=eth0 OUT= MAC=... SRC=192.168.178.21 DST=192.168.178.255 LEN=240 TOS=0x00 PREC=0x00 TTL=128 ID=11637 PROTO=UDP SPT=138 DPT=138 LEN=220

In the configuration file I found the option DENY_UDP_NOLOG, which allows 
removing these entries for certain ports (as far as I understand). 
Consequently I added DENY_UDP_NOLOG="137 138" to the configuration 
described above. This works as expected. But is there a better way 
to remove these entries only for my local network (192.168.178.0/24)?

Thank you for the great script, which is really helpful for beginners 
like me.

Greetings,
Daniel
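To see what a subnet-scoped suppression would actually hide compared with a global DENY_UDP_NOLOG="137 138", here is a small log triage script (an added example, not part of the post or of arno-iptables-firewall). It parses the AIF kernel log format shown above and separates UDP 137/138 drops that originate inside 192.168.178.0/24 from the same ports arriving from anywhere else; the third sample line with source 203.0.113.7 is constructed for contrast.

```python
import ipaddress
import re

# Constructed sample: the two AIF lines from the post plus one made-up line
# from outside the LAN (TEST-NET address) to show what a scoped rule keeps.
SAMPLE_LOG = """\
Jan 15 11:19:09 raspi kernel: [147839.674114] AIF:PRIV UDP packet: IN=eth0 OUT= MAC=... SRC=192.168.178.1 DST=192.168.178.255 LEN=96 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=137 DPT=137 LEN=76
Jan 15 11:20:06 raspi kernel: [147897.219020] AIF:PRIV UDP packet: IN=eth0 OUT= MAC=... SRC=192.168.178.21 DST=192.168.178.255 LEN=240 TOS=0x00 PREC=0x00 TTL=128 ID=11637 PROTO=UDP SPT=138 DPT=138 LEN=220
Jan 15 11:21:30 raspi kernel: [147981.000000] AIF:PRIV UDP packet: IN=eth0 OUT= MAC=... SRC=203.0.113.7 DST=192.168.178.20 LEN=78 TOS=0x00 PREC=0x00 TTL=52 ID=4411 PROTO=UDP SPT=137 DPT=137 LEN=58
"""

LOCAL_NET = ipaddress.ip_network("192.168.178.0/24")
NOISE_UDP_PORTS = {137, 138}  # NetBIOS name service / datagram service

FIELD_RE = re.compile(r"(\w+)=(\S*)")


def parse_aif_line(line):
    """Return a dict of KEY=VALUE fields from an AIF kernel log line, or None."""
    if "AIF:" not in line:
        return None
    fields = {}
    for key, value in FIELD_RE.findall(line):
        fields.setdefault(key, value)  # keep the first LEN= (IP total length)
    return fields


def is_local_netbios_noise(fields):
    """True for UDP 137/138 from inside LOCAL_NET, i.e. what a subnet-scoped
    rule would silence; False for the same ports from any other source."""
    try:
        src = ipaddress.ip_address(fields["SRC"])
        dport = int(fields["DPT"])
    except (KeyError, ValueError):
        return False
    return fields.get("PROTO") == "UDP" and dport in NOISE_UDP_PORTS and src in LOCAL_NET


def triage(log_text):
    """Split AIF lines into (sources silenced by a scoped rule, sources still logged)."""
    silenced, kept = [], []
    for line in log_text.splitlines():
        fields = parse_aif_line(line)
        if fields is None:
            continue
        (silenced if is_local_netbios_noise(fields) else kept).append(fields["SRC"])
    return silenced, kept


if __name__ == "__main__":
    silenced, kept = triage(SAMPLE_LOG)
    print("silenced by subnet-scoped rule:", silenced)
    print("still logged:", kept)
```

Running it over the real log file shows whether the entries you want gone are really all local broadcast chatter before you widen the suppression.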
