dopp at acm.cs.umn.edu wrote:
>
> I'd guess someone is trying to exploit you. I'd say let it through and,
> on your firewall, route it to a blackhole.
>
> Gabe
>
> On Wed, Nov 22, 2000 at 08:19:35AM -0600, Clay Fandre wrote:
> > I'm getting tons of denies on my firewall/Masq box on my DSL line which
> > is using IPChains to filter out almost everything. I want to make it
> > stop because it's filling up my logs. (No, I don't want to turn off
> > logging.) I'm assuming it's doing a DNS query since it's coming from port
> > 53, but don't really know why. My firewall box is a DNS server, but only
> > for my internal non-routable network. Anyone have any ideas?
>

Actually, if I would have paid closer attention to the logs I would have noticed that my system was denying return request packets from a request my machine was sending out. (Doing a tcpdump confirmed this thought.) I checked my ipchains rules and DID have a hole opened up for DNS responses, so why was it being denied? Then I looked at the error message, which contains the IPChains rule #.

Nov 22 09:38:10 maddog.matrix.comp kernel: Packet log: input DENY eth1 PROTO=17 217.24.32.10:53 64.6.191.90:1030 L=182 S=0x00 I=29240 F=0x0000 T=47 (#32)

And then I found it. Rule #32:

DENY all ----l- 217.0.0.0/8 anywhere n/a

This used to be an IANA reserved address range, which is why I deny it. But after checking out the IANA site, I found out that it was changed in June 2000.

http://www.isi.edu/in-notes/iana/assignments/ipv4-address-space

If anyone else has this rule in your firewall config you might want to remove it.
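The diagnosis in the message above comes down to two steps: read the rule number in the trailing "(#32)" field of the ipchains "Packet log:" line, and notice that the source address falls in a range the ruleset still denies as IANA-reserved. The following Python is an added example written for this page, not code from the mailing list or from ipchains; it parses log lines of the format shown in the message, counts DENY entries per rule number, and flags DNS replies dropped by a rule whose network is no longer reserved. The first sample log line is the one from the message; the other two log lines and the STALE_BOGON_RULES table are constructed for the example.

```python
import ipaddress
import re

# Field order of a kernel 2.2 ipchains log line, as seen in the message:
#   Packet log: <chain> <verdict> <iface> PROTO=<n> <src>:<sport> <dst>:<dport> ... (#<rule>)
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<verdict>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) .*?\(#(?P<rule>\d+)\)"
)

# Constructed table: rule number -> network that rule denies as "reserved".
# 217.0.0.0/8 is the entry from the message; IANA assigned it in June 2000,
# so a rule still denying it is stale.
STALE_BOGON_RULES = {32: ipaddress.ip_network("217.0.0.0/8")}

# Constructed sample input: line 1 is the log line quoted in the message,
# lines 2 and 3 are made up to exercise the other branches.
SAMPLE_LOG = """\
Nov 22 09:38:10 maddog.matrix.comp kernel: Packet log: input DENY eth1 PROTO=17 217.24.32.10:53 64.6.191.90:1030 L=182 S=0x00 I=29240 F=0x0000 T=47 (#32)
Nov 22 09:38:12 maddog.matrix.comp kernel: Packet log: input DENY eth1 PROTO=6 10.1.2.3:4444 64.6.191.90:22 L=60 S=0x00 I=1 F=0x4000 T=64 (#12)
Nov 22 09:38:15 maddog.matrix.comp kernel: Packet log: input ACCEPT eth1 PROTO=17 198.51.100.7:53 64.6.191.90:1031 L=90 S=0x00 I=5 F=0x0000 T=50 (#30)
"""


def parse_line(line):
    """Return a dict of the packet fields, or None if the line is not an ipchains log entry."""
    m = LOG_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    return {
        "chain": d["chain"],
        "verdict": d["verdict"],
        "iface": d["iface"],
        "proto": int(d["proto"]),
        "src": ipaddress.ip_address(d["src"]),
        "sport": int(d["sport"]),
        "dst": ipaddress.ip_address(d["dst"]),
        "dport": int(d["dport"]),
        "rule": int(d["rule"]),   # the "(#32)" field Clay used to find the offending rule
    }


def is_dns_reply(rec):
    """UDP from source port 53 to a high port is the shape of an answer to our own query."""
    return rec["proto"] == 17 and rec["sport"] == 53 and rec["dport"] >= 1024


def denies_by_rule(log_text):
    """Count DENY entries per rule number so the noisiest rule stands out."""
    counts = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["verdict"] == "DENY":
            counts[rec["rule"]] = counts.get(rec["rule"], 0) + 1
    return counts


def stale_bogon_denies(log_text):
    """List (rule, src) pairs where a DNS reply was dropped by a stale 'reserved range' rule."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec["verdict"] != "DENY" or not is_dns_reply(rec):
            continue
        net = STALE_BOGON_RULES.get(rec["rule"])
        if net is not None and rec["src"] in net:
            hits.append((rec["rule"], str(rec["src"])))
    return hits


if __name__ == "__main__":
    print("DENY count per rule:", denies_by_rule(SAMPLE_LOG))
    for rule, src in stale_bogon_denies(SAMPLE_LOG):
        print(f"rule #{rule} dropped a DNS reply from {src}; that range is no longer reserved")
```

Feeding the script a real /var/log/messages in place of SAMPLE_LOG gives the same two views: which rule number is producing the volume, and whether the dropped traffic is replies to the box's own queries rather than unsolicited probes. The STALE_BOGON_RULES table is the part to maintain; any rule that denies a whole /8 on the grounds that it is unallocated should be re-checked against the current IANA address-space registry.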