This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Rule to Block ssdp (1900/udp)

Ok I setup a new rule to drop all these ssdp packets that are filling up my logs.

The following is a sample log line:
Source:
[1028]
Dest:
255.255.255.255[1900]
Prot: UDP

I defined service as:
ssdp: src port 0:65535 dest port: 1900 prot: udp

Defined Rule:
Source: Any
Service: ssdp
Dest: Any
Action: Drop

Then checked the Livelog and I still see the packets.  Why?

Rule is active and I even moved it to position 1.

Astaro v3.2 is being used.  Should I use "Log Drop" as the action?  Not much definition on these in the manual.

Also note I have been seeing an intiminate problem of Packet Rules not applying until after a reboot.  This could be another occurence of that issue, however I am not local and do not want to remotely reboot to test it.

[size="1"][ 26 June 2002, 13:30: Message edited by: tank ][/size]

This thread was automatically locked due to age.

0 tank over 23 years ago

Ok it looks like I was able to solve it. It appears that ANY does not include 255.255.255.255

I added a host for 255.255.255.255 and put that in the place of ANY in my above rule for the dest. and it worked.

That or the guy that has been pounding that for the past two days has stopped. [;)]
Cancel
Vote Up 0 Vote Down

Cancel