I have a little Dell running a Red Hat server. It's logging Ethernet traffic to the console and to /var/log/messages (now up to 60Mb), and I can't seem to find where to turn it off!
any help would be greatly appreciated.
It looks like there are several LOG entries... and a bunch of other stuff.
Should I start suppressing the lines with "LOG", or just start over?
This table looks like it suffers from too many users hacking at it.
#
# mangle table: all five built-in chains have policy ACCEPT and no rules are
# appended, so nothing in this table alters or logs packets. The bracketed
# [packets:bytes] pairs are the chain counters captured when the ruleset was saved.
*mangle
:PREROUTING ACCEPT [46908:11484653]
:INPUT ACCEPT [34192:5111549]
:FORWARD ACCEPT [472:46450]
:OUTPUT ACCEPT [69305:5927626]
:POSTROUTING ACCEPT [69838:5988719]
COMMIT
# Completed on Fri Oct 13 16:34:09 2006
# Generated by iptables-save v1.3.5 on Fri Oct 13 16:34:09 2006
# nat table: address and port translation for the gateway. The nat chains are
# consulted for the first packet of a connection; later packets reuse that
# translation. Comments are kept on their own lines because iptables-restore
# treats only lines that begin with '#' as comments.
*nat
:PREROUTING ACCEPT [85:25137]
:POSTROUTING ACCEPT [79:10430]
:OUTPUT ACCEPT [79:10430]
# Routing Rules
# NOTE(review): the two LOG rules in this section have no --log-prefix and no
# rate limit (-m limit), so each new connection they match writes a kernel log
# line. They contribute to the /var/log/messages growth described above.
# NOTE(review): the ACCEPT for 192.168.0.0/16 on eth0 ends PREROUTING traversal
# for those sources, so the port-80 REDIRECT to the proxy further down appears
# never to apply to them -- confirm whether that bypass is intended.
-A PREROUTING -s 192.168.0.0/255.255.0.0 -i eth0 -j LOG
-A PREROUTING -s 192.168.0.0/255.255.0.0 -i eth0 -j ACCEPT
# NOTE(review): dropping in the nat table is filtering in the wrong place;
# newer iptables releases reject DROP here. The equivalent check belongs in the
# filter table's INPUT/FORWARD chains.
-A PREROUTING -s 172.16.0.0/255.240.0.0 -j LOG
-A PREROUTING -s 172.16.0.0/255.240.0.0 -j DROP
-A PREROUTING -s 10.0.0.0/255.0.0.0 -j ACCEPT
# Web Filter Prerouting: redirect port 80 to local port 3128, and port 3128 to
# local port 8080.
# NOTE(review): locally generated traffic does not pass through PREROUTING, so
# the two "-i lo" rules likely never match -- verify before relying on them.
-A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
-A PREROUTING -i eth0 -p tcp --dport 3128 -j REDIRECT --to-port 8080
-A PREROUTING -i lo -p tcp --dport 80 -j REDIRECT --to-port 3128
-A PREROUTING -i lo -p tcp --dport 3128 -j REDIRECT --to-port 8080
# VNC Rules: forward TCP 5900 and 5901 arriving on eth1 to two internal hosts.
# NOTE(review): there is no source restriction here and the filter table's
# FORWARD policy is ACCEPT, so these VNC services are reachable by anyone who
# can reach eth1. Consider limiting by source address (-s) or reaching them
# through the existing SSH service instead.
-A PREROUTING -i eth1 -p tcp --dport 5900 -j DNAT --to-destination 192.168.10.18
-A PREROUTING -i eth1 -p tcp --dport 5901 -j DNAT --to-destination 192.168.10.11
# Your routing table (Refer to /etc/hosts for list of clients)
# One MASQUERADE rule per client address leaving via eth1; a source that is
# not listed here is forwarded without source NAT.
-A POSTROUTING -s 192.168.10.10 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.10.11 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.10.12 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.10.13 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.10.14 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.10.15 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.10.16 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.10.17 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.10.18 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.10.19 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.10.20 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.10.21 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.10.22 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.10.23 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.10.24 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.10.25 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.10.26 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.10.27 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.10.28 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.10.29 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.10.30 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.200 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.201 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.202 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.203 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.204 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.205 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.10.254 -o eth1 -j MASQUERADE
COMMIT
# Completed on Fri Oct 13 16:34:09 2006
# Generated by iptables-save v1.3.5 on Fri Oct 13 16:34:09 2006
# filter table: INPUT defaults to DROP; FORWARD and OUTPUT default to ACCEPT.
# Rules in a chain are evaluated top to bottom and the first terminating
# target (ACCEPT/DROP) wins; LOG is non-terminating, so a packet is logged and
# then continues to the next rule. Comments are kept on their own lines because
# iptables-restore treats only lines that begin with '#' as comments.
*filter
:INPUT DROP [56:30000]
:FORWARD ACCEPT [236:16474]
:OUTPUT ACCEPT [30489:1988516]
# Accept Ping request
# ICMP types: 3 = destination unreachable, 11 = time exceeded,
# 8 = echo request, 0 = echo reply.
-A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
# Allow all packets from network
# Everything arriving on loopback and on eth0 is accepted here, which makes the
# later eth0-specific ACCEPT rules (ports 3128 and 8080) redundant.
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
#-A INPUT -i ath0 -j ACCEPT (WIRELESS)
# Customized Security
-A INPUT -i eth1 -p tcp -m tcp --dport 8009 -j DROP
-A INPUT -i eth1 -p tcp -m tcp --dport 8008 -j DROP
-A INPUT -i eth1 -p tcp -m tcp --dport 8080 -j DROP
# NOTE(review): DHCP (67/68) and DNS (53) are accepted on eth1, the interface
# the nat table masquerades out of -- confirm these services are meant to be
# reachable from that side.
-A INPUT -i eth1 -p udp -m udp --dport 68 -j ACCEPT
-A INPUT -i eth1 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i eth1 -p udp -m udp --dport 53 -j ACCEPT
# Squid Routing Rules
-A INPUT -i eth0 -p tcp --dport 3128 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 8080 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# Allow IDENT port
-A INPUT -i eth1 -p tcp -m tcp --dport 113 -m state --state NEW,ESTABLISHED -j ACCEPT
# Apache WebServer
-A INPUT -i eth1 -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
# More Customized security
# LOG-then-DROP pairs for UDP 518, 517, 514 and 177 on eth1.
# NOTE(review): none of the LOG rules in this table set --log-prefix,
# --log-level or a rate limit (-m limit), so entries are hard to attribute and
# nothing bounds how fast they are written.
-A INPUT -i eth1 -p udp -m udp --dport 518 -j LOG
-A INPUT -i eth1 -p udp -m udp --dport 518 -j DROP
-A INPUT -i eth1 -p udp -m udp --dport 517 -j LOG
-A INPUT -i eth1 -p udp -m udp --dport 517 -j DROP
-A INPUT -i eth1 -p udp -m udp --dport 514 -j LOG
-A INPUT -i eth1 -p udp -m udp --dport 514 -j DROP
-A INPUT -i eth1 -p udp -m udp --dport 177 -j LOG
-A INPUT -i eth1 -p udp -m udp --dport 177 -j DROP
# NOTE(review): this rule logs every NEW or INVALID TCP packet on eth1 that was
# not already accepted or dropped above, including connections the SSH, FTP,
# SMTP and POP3 rules below go on to accept. It is likely the largest source of
# the console and /var/log/messages output. To quiet it without losing the
# signal, add a rate limit and a prefix (constructed example:
# -m limit --limit 5/min -j LOG --log-prefix "eth1-new: "), or remove the rule.
-A INPUT -i eth1 -p tcp -m state --state INVALID,NEW -j LOG
-A INPUT -i eth1 -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
# NOTE(review): 455 may be a typo for 445, which is dropped a few rules later --
# confirm. These explicit DROPs appear redundant with the INPUT policy of DROP.
-A INPUT -i eth1 -p tcp -m tcp --dport 455 -j DROP
-A INPUT -i eth1 -p tcp -m tcp --dport 137 -j DROP
-A INPUT -i eth1 -p tcp -m tcp --dport 138 -j DROP
-A INPUT -i eth1 -p tcp -m tcp --dport 139 -j DROP
-A INPUT -i eth1 -p tcp -m tcp --dport 1080 -j DROP
-A INPUT -i eth1 -p tcp -m tcp --dport 445 -j DROP
# OpenSSH Rules
# Rate limit using the "recent" match: a new connection from a source address
# seen within the last 15 seconds is dropped (and its timestamp refreshed);
# otherwise the source is recorded and the connection accepted.
-A INPUT -i eth1 -p tcp -m state --state NEW -m tcp --dport 22 -m recent --update --seconds 15 --name DEFAULT --rsource -j DROP
-A INPUT -i eth1 -p tcp -m state --state NEW -m tcp --dport 22 -m recent --set --name DEFAULT --rsource -j ACCEPT
# FTP Rules
-A INPUT -i eth1 -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 21 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 20 -j ACCEPT
# SMTP Rule
-A INPUT -i eth1 -p tcp -m tcp --dport 25 -m state --state NEW -j ACCEPT
# POP3 Rules
-A INPUT -i eth1 -p tcp -m tcp --dport 110 -m state --state INVALID -j DROP
-A INPUT -i eth1 -p tcp -m tcp --dport 110 -m state --state NEW,ESTABLISHED -j ACCEPT
# POP3 Secure Rules
# NOTE(review): unlike the POP3 rule for port 110, the NEW,ESTABLISHED rule for
# 995 ends in DROP, so POP3S is blocked -- confirm whether ACCEPT was intended.
-A INPUT -i eth1 -p tcp -m tcp --dport 995 -m state --state INVALID -j DROP
-A INPUT -i eth1 -p tcp -m tcp --dport 995 -m state --state NEW,ESTABLISHED -j DROP
# Some known problem ports
-A INPUT -i eth1 -p udp -m udp --dport 1026 -j DROP
-A INPUT -i eth1 -p tcp -m tcp --dport 3306 -j DROP
-A INPUT -i eth1 -p tcp -m tcp --dport 1433 -j DROP
# IRC Chat Relay Rule
-A INPUT -i eth1 -p tcp -m tcp --dport 6667 -j DROP
# Forwarding Rules
# NOTE(review): the first rule accepts NEW connections arriving on eth1 for
# forwarding, and the FORWARD policy is ACCEPT anyway, so forwarding through
# this host is unrestricted in both directions. The second rule matches a
# subset of the first and is never decisive. A gateway would normally use a
# FORWARD policy of DROP and allow NEW only from the internal interface.
-A FORWARD -i eth1 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
# Accept all output from network
-A OUTPUT -o eth0 -j ACCEPT
# Block specific IPAddresses from attacks (generally, outside US)
# NOTE(review): these DROPs are appended after the service ACCEPT rules above
# (ports 80, 22, 21, 25, 110, ...), so traffic from these sources to those
# ports is accepted before it reaches this list. To take effect, source blocks
# need to sit ahead of the ACCEPT rules in the INPUT chain.
-A INPUT -i eth1 -s 58.20.23.126 -j DROP
-A INPUT -i eth1 -s 202.171.132.228 -j DROP
-A INPUT -i eth1 -s 220.0.0.0/8 -j DROP
-A INPUT -i eth1 -s 221.0.0.0/8 -j DROP
-A INPUT -i eth1 -s 222.0.0.0/8 -j DROP
-A INPUT -i eth1 -s 114.44.142.36 -j DROP
-A INPUT -i eth1 -s 221.224.81.194 -j DROP
#-A OUTPUT -o ath1 -j ACCEPT (WIRELESS)
# Log and Drop packets from these ports going outside network
# TCP source ports 137-139 leaving via eth1 are logged, then dropped; these LOG
# rules are also unprefixed and not rate limited.
-A OUTPUT -o eth1 -p tcp -m tcp --sport 137 -j LOG
-A OUTPUT -o eth1 -p tcp -m tcp --sport 137 -j DROP
-A OUTPUT -o eth1 -p tcp -m tcp --sport 138 -j LOG
-A OUTPUT -o eth1 -p tcp -m tcp --sport 138 -j DROP
-A OUTPUT -o eth1 -p tcp -m tcp --sport 139 -j LOG
-A OUTPUT -o eth1 -p tcp -m tcp --sport 139 -j DROP
COMMIT
# Completed on Fri Oct 13 16:34:09 2006