I am having the dardnest time getting rid of these damn things in my logs can someone please help!!!

Aug 14 21:48:17 Anekin kernel: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:60:1d:f7:a0:52:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328
TOS=0x00 PREC=0x00 TTL=255 ID=24992 DF PROTO=UDP SPT=68 DPT=67 LEN=308


External Interface: eth1
Internal Interface: eth0
---
---
Internal Network: 10.10.10.0/24
Internal IP: 10.10.10.254/24


I have tried everything in my firewall config.. Someone please

Here is my rc.firewall


#!/bin/sh
#
# rc.firewall-2.4-stronger
FWVER=0.73s

echo -e "\nLoading STRONGER rc.firewall - version $FWVER..\n"


IPTABLES=/sbin/iptables
#IPTABLES=/usr/local/sbin/iptables
#
LSMOD=/sbin/lsmod
DEPMOD=/sbin/depmod
INSMOD=/sbin/insmod
GREP=/bin/grep
AWK=/bin/awk
SED=/bin/sed
IFCONFIG=/sbin/ifconfig


EXTIF="eth1"
INTIF="eth0"
echo " External Interface: $EXTIF"
echo " Internal Interface: $INTIF"
echo " ---"

EXTIP="`$IFCONFIG $EXTIF | $GREP 'inet addr' | $AWK '{print $2}' | \
$SED -e 's/.*://'`"

echo " External IP: $EXTIP"
echo " ---"


# Assign the internal TCP/IP network and IP address
INTNET="10.10.10.0/24"
INTIP="10.10.10.254/24"
echo " Internal Network: $INTNET"
echo " Internal IP: $INTIP"
echo " ---"




# Setting a few other local variables
#
UNIVERSE="0.0.0.0/0"

echo " - Verifying that all kernel modules are ok"
$DEPMOD -a

echo -en " Loading kernel modules: "


echo -en "ip_tables, "
if [ -z "` $LSMOD | $GREP ip_tables | $AWK {'print $1'} `" ]; then
$INSMOD ip_tables
fi


echo -en "ip_conntrack, "
if [ -z "` $LSMOD | $GREP ip_conntrack | $AWK {'print $1'} `" ]; then
$INSMOD ip_conntrack
fi

echo -e "ip_conntrack_ftp, "
if [ -z "` $LSMOD | $GREP ip_conntrack_ftp | $AWK {'print $1'} `" ]; then
$INSMOD ip_conntrack_ftp
fi


echo -en " ip_conntrack_irc, "
if [ -z "` $LSMOD | $GREP ip_conntrack_irc | $AWK {'print $1'} `" ]; then
$INSMOD ip_conntrack_irc
fi


echo -en "iptable_nat, "
if [ -z "` $LSMOD | $GREP iptable_nat | $AWK {'print $1'} `" ]; then
$INSMOD iptable_nat
fi


echo -e "ip_nat_ftp"
if [ -z "` $LSMOD | $GREP ip_nat_ftp | $AWK {'print $1'} `" ]; then
$INSMOD ip_nat_ftp
fi

echo " ---"

echo " Enabling forwarding.."
echo "1" > /proc/sys/net/ipv4/ip_forward

echo " Enabling DynamicAddr.."
echo "1" > /proc/sys/net/ipv4/ip_dynaddr

echo " ---"

echo " Clearing any existing rules and setting default policy to DROP.."
$IPTABLES -P INPUT DROP
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT DROP
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -F -t nat

if [ -n "`$IPTABLES -L | $GREP drop-and-log-it`" ]; then
$IPTABLES -F drop-and-log-it
fi
$IPTABLES -X
$IPTABLES -Z
echo " Creating a DROP chain.."
$IPTABLES -N drop-and-log-it
$IPTABLES -A drop-and-log-it -j LOG --log-level info
$IPTABLES -A drop-and-log-it -j DROP

echo -e "\n - Loading INPUT rulesets"


$IPTABLES -A INPUT -i lo -s $UNIVERSE -d $UNIVERSE -j ACCEPT
$IPTABLES -A INPUT -i $INTIF -s $INTNET -d $UNIVERSE -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -s $INTNET -d $UNIVERSE -j drop-and-log-it
$IPTABLES -A INPUT -i $EXTIF -s $UNIVERSE -d $EXTIP -m state --state ESTABLISHED,RELATED -j ACCEPT

#***********************************************************************
$IPTABLES -A INPUT -i $EXTIF -p tcp --sport 1024:65535 --dport 25 -j ACCEPT
echo -e " - Allowing EXTERNAL access to DHCP ports 67 to 68 - INPUT"
$IPTABLES -A INPUT -i $EXTIF -p udp --sport 67 --dport 68 -j ACCEPT
echo -e " - Allowing EXTERNAL access to DHCP ports 68 to 67 - OUTPUT"
$IPTABLES -A OUTPUT -o $EXTIF -p udp --sport 68 --dport 67 -j ACCEPT
echo -e " - Allowing INTERNAL access to DHCP ports 67 to 68 - INPUT"
$IPTABLES -A INPUT -i $INTIF -p udp --sport 67 --dport 68 -j ACCEPT
echo -e " - Allowing INTERNAL access to DHCP ports 68 to 67 - OUTPUT"
$IPTABLES -A OUTPUT -o $INTIF -p udp --sport 68 --dport 67 -j ACCEPT
#**********************************************************************

echo -e " - Allowing EXTERNAL access to the WWW server - 8080"
$IPTABLES -A INPUT -i $EXTIF -m state --state NEW,ESTABLISHED,RELATED -p tcp -s $UNIVERSE -d $EXTIP --dport 8080 -j ACCEPT



$IPTABLES -A INPUT -s $UNIVERSE -d $UNIVERSE -j drop-and-log-it


echo -e " - Loading OUTPUT rulesets"
$IPTABLES -A OUTPUT -o lo -s $UNIVERSE -d $UNIVERSE -j ACCEPT
$IPTABLES -A OUTPUT -o $INTIF -s $EXTIP -d $INTNET -j ACCEPT
$IPTABLES -A OUTPUT -o $INTIF -s $INTIP -d $INTNET -j ACCEPT
$IPTABLES -A OUTPUT -o $EXTIF -s $UNIVERSE -d $INTNET -j drop-and-log-it
$IPTABLES -A OUTPUT -o $EXTIF -s $EXTIP -d $UNIVERSE -j ACCEPT
$IPTABLES -A OUTPUT -o $INTIF -p tcp -s $INTIP --sport 67 -d 255.255.255.255 --dport 68 -j ACCEPT
$IPTABLES -A OUTPUT -o $INTIF -p udp -s $INTIP --sport 67 -d 255.255.255.255 --dport 68 -j ACCEPT

$IPTABLES -A OUTPUT -s $UNIVERSE -d $UNIVERSE -j drop-and-log-it
echo -e " - Loading FORWARD rulesets"
echo " - FWD: Allow all connections OUT and only existing/related IN"
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j drop-and-log-it
echo " - NAT: Enabling SNAT (MASQUERADE) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j SNAT --to $EXTIP
echo -e "\nDone.\n"

Got it working thanks

0 members found this post helpful.