need some help with apf-firewall logs

Discussion in 'Server Operation' started by Ovidiu, Mar 23, 2012.

  1. Ovidiu

    Ovidiu Active Member

    I have got a couple of logs I can't "read" - can someone explain what the different fields mean?

    i.e. I figured out some of them, i.e. DPT=destination port target, STP=source target port


    Code:
    Mar 23 08:42:33 h1870666 kernel: [161677.396086] ** SDROP ** IN= OUT=eth0 SRC=85.214.229.212 DST=31.184.242.127 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=39297 DF PROTO=TCP SPT=50979 DPT=80 WINDOW=5840 RES=0x00 CWR ECE SYN URGP=0
    Code:
    Mar 23 06:48:59 h1870666 kernel: [154862.760090] ** SDROP ** IN= OUT=eth0 SRC=85.214.229.212 DST=31.184.242.127 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=30135 DF PROTO=TCP SPT=48250 DPT=80 WINDOW=5840 RES=0x00 CWR ECE SYN URGP=0
    Why is an outgoing connection from my own IP (85.214.229.212) being blocked? I am sure if I knew how to read that log line that would become clear to me.
    Besides, why would my server connect to that remote IP?

    I can post a summary of my apf config if it's needed to answer this question.

    P.S. I have not set up filtering of outgoing connections in apf so the above log lines must not be based upon the static filtering but some reactive mechanism of apf.
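
The fields in the log lines quoted above, decoded by a small parser (an added example, not part of the original thread or of apf). Field meanings follow the netfilter LOG target's output format; `parse_line`, `describe`, `FIELDS` and the direction labels are names chosen for this example, and the sample is the post's first log line joined onto one line.

```python
import re

# Constructed sample: the first log line from the post, joined onto one line.
SAMPLE = ("Mar 23 08:42:33 h1870666 kernel: [161677.396086] ** SDROP ** IN= OUT=eth0 "
          "SRC=85.214.229.212 DST=31.184.242.127 LEN=48 TOS=0x00 PREC=0x00 TTL=64 "
          "ID=39297 DF PROTO=TCP SPT=50979 DPT=80 WINDOW=5840 RES=0x00 CWR ECE SYN URGP=0")

# Meaning of the KEY=value fields written by the netfilter LOG target.
FIELDS = {
    "IN": "interface the packet arrived on (empty: generated on this host)",
    "OUT": "interface the packet leaves on (empty: addressed to this host)",
    "SRC": "source IP address", "DST": "destination IP address",
    "LEN": "total IP packet length in bytes", "TOS": "type-of-service bits",
    "PREC": "IP precedence bits", "TTL": "time to live",
    "ID": "IP identification", "PROTO": "transport protocol",
    "SPT": "source port", "DPT": "destination port",
    "WINDOW": "TCP window size", "RES": "TCP reserved bits",
    "URGP": "TCP urgent pointer",
}
# Bare tokens: DF is the IP don't-fragment bit, the others are TCP flags.
TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}
DIRECTIONS = {(False, True): "outbound", (True, False): "inbound",
              (True, True): "forwarded"}

def parse_line(line):
    """Split one kernel LOG line into prefix, fields, flags and direction."""
    m = re.search(r"kernel: (?:\[\s*[\d.]+\]\s*)?(.*?)\s*\bIN=", line)
    if not m:
        raise ValueError("not a netfilter LOG line")
    tokens = line[m.end() - 3:].split()  # resume at the "IN=" token
    fields = {k: v for k, _, v in (t.partition("=") for t in tokens if "=" in t)}
    bare = [t for t in tokens if "=" not in t]
    # Which of IN/OUT is filled tells you the path the packet took.
    key = (bool(fields.get("IN")), bool(fields.get("OUT")))
    return {"prefix": m.group(1), "fields": fields,
            "flags": [t for t in bare if t in TCP_FLAGS],
            "df": "DF" in bare, "direction": DIRECTIONS.get(key, "unknown")}

def describe(parsed):
    """Return one human-readable line per field, in log order."""
    return [f"{k}={v or '(empty)'}: {FIELDS.get(k, 'unrecognised field')}"
            for k, v in parsed["fields"].items()]

if __name__ == "__main__":
    p = parse_line(SAMPLE)
    print(p["prefix"], p["direction"], "flags:", " ".join(p["flags"]))
    print("\n".join(describe(p)))
```

An empty `IN=` with `OUT=eth0` marks a packet generated on the host itself and leaving via eth0; the text between the timestamp and `IN=` is the log prefix set by the rule that logged it.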
     