Hi,
I've been configuring up an Astaro firewall - specifically, I've set the packet filter to reject netbios ands sbm packets (as defined by default) but not to log them. However, in the log file itself, I'm getting a lot of:
aaa.bbb.ccc.dd 138 -> aaa.bbb.ccc.255 138 UDP
IP SPOOFING SRC HW ff:ff:ff:ff:ff:ff:00
DST HW xx.xx.xx.xx.xx.....
where aaa.bbb.ccc.0 is the internal LAN
and
zzz.yyy.xxx.8 520 -> 255.255.255.255 520 UDP
where zzz.yyy.xxx.0 is the external interface (private to my ISP so it looks like one of their routers or possibly another customer).
There is an inordinate amount of this - particularly the netbios traffic so I would like to stop it getting logged. The only references in the packet filter list is:
1 Any { netbios } Any Reject
2 Any Microsoft-SMB Any Reject
3 { Network_EXTERNAL } RIP Any Reject
So it appears the logging is coming from somewhere else.
Any thoughts?
Thanks
This thread was automatically locked due to age.
