The resulting firewall rules shown via iptables all look correct.
But I can't figure out why even "allowed" packets are being logged, e.g. this connection from me to the ASL GUI:
kernel: DROP_ASL_INPUT IN=eth0 OUT= MAC=(redacted) SRC=MY-OWN-IP DST=SERVER-IP LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=0 PROTO=TCP SPT=56677 DPT=30000 SEQ=1398141190 ACK=1398141190 WINDOW=0 RES=0x00 RST URGP=0
I also see entries logged for connections to other open ports, e.g. 587, and again the logs show that someone is correctly authenticating, so I don't know why it is being logged.
The relevant part of the iptables output is:
Chain ASL-Firewall-INPUT (1 references)
 pkts bytes target prot opt in  out source     destination
93754   39M ACCEPT all  --  lo  *   0.0.0.0/0  0.0.0.0/0
44198 3705K ACCEPT icmp --  *   *   0.0.0.0/0  0.0.0.0/0    icmp type 255
    0     0 ACCEPT esp  --  *   *   0.0.0.0/0  0.0.0.0/0
    0     0 ACCEPT ah   --  *   *   0.0.0.0/0  0.0.0.0/0
82553   11M ACCEPT all  --  *   *   0.0.0.0/0  0.0.0.0/0    state RELATED,ESTABLISHED
  326 16952 ACCEPT tcp  --  *   *   0.0.0.0/0  0.0.0.0/0    state NEW tcp dpt:30000
(snip - lots of other allowed ports)
  127  6155 LOG    all  --  *   *   0.0.0.0/0  0.0.0.0/0    limit: avg 1/sec burst 5 LOG flags 7 level 6 prefix `DROP_ASL_INPUT '
  128  6207 DROP   all  --  *   *   0.0.0.0/0  0.0.0.0/0
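
A triage helper for log lines in the format shown above, as an added example that is not part of the original post: it parses netfilter LOG output and tallies the logged packets by destination port and TCP flag set, so bare SYNs can be told apart from RST, FIN or ACK packets. The sample lines are constructed (documentation addresses), and the function names are hypothetical.

```python
import re
from collections import Counter

TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}
# Matches the syslog tag and the rule's log prefix, e.g. "kernel: DROP_ASL_INPUT IN=".
PREFIX_RE = re.compile(r"kernel:\s+(?:\[[^\]]*\]\s*)?(\S+)\s+IN=")

def parse_log_line(line):
    """Return the KEY=VALUE fields plus 'prefix' and 'flags', or None if not a LOG line."""
    m = PREFIX_RE.search(line)
    if not m:
        return None
    rec = {"prefix": m.group(1), "flags": []}
    for tok in line[m.end(1):].split():
        if "=" in tok:                      # e.g. DPT=30000, OUT= (empty), ACK=<ack number>
            key, _, val = tok.partition("=")
            rec[key] = val
        elif tok in TCP_FLAGS:              # bare tokens such as RST are the TCP flags
            rec["flags"].append(tok)
    return rec

def opens_connection(rec):
    """True only for a bare SYN, the packet that starts a TCP handshake."""
    return rec.get("PROTO") == "TCP" and rec["flags"] == ["SYN"]

def summarize(lines, prefix="DROP_ASL_INPUT"):
    """Count logged packets per (dest port, flag combination, opens_connection)."""
    counts = Counter()
    for line in lines:
        rec = parse_log_line(line)
        if rec and rec["prefix"] == prefix:
            key = (rec.get("DPT"), "+".join(rec["flags"]) or "-", opens_connection(rec))
            counts[key] += 1
    return counts

# Constructed sample lines in the post's log format; addresses are documentation ranges.
SAMPLE = [
    "kernel: DROP_ASL_INPUT IN=eth0 OUT= MAC=(redacted) SRC=192.0.2.10 DST=198.51.100.5 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=0 PROTO=TCP SPT=56677 DPT=30000 SEQ=1000 ACK=1000 WINDOW=0 RES=0x00 RST URGP=0",
    "kernel: DROP_ASL_INPUT IN=eth0 OUT= MAC=(redacted) SRC=192.0.2.11 DST=198.51.100.5 LEN=52 TOS=0x00 PREC=0x00 TTL=52 ID=4411 PROTO=TCP SPT=40112 DPT=587 SEQ=2000 ACK=3000 WINDOW=229 RES=0x00 ACK FIN URGP=0",
    "kernel: DROP_ASL_INPUT IN=eth0 OUT= MAC=(redacted) SRC=192.0.2.12 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=9912 PROTO=TCP SPT=51234 DPT=23 SEQ=4000 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0",
    "kernel: eth0: link becomes ready",
]

if __name__ == "__main__":
    for (dpt, flags, opens), n in sorted(summarize(SAMPLE).items(), key=str):
        print(f"dpt={dpt:<6} flags={flags:<8} opens_connection={opens!s:<5} count={n}")
```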