What do you really want to know? This is what I read from the piece of log you posted:
Quote:
Nov 5 08:17:41 gateway kernel: IN=eth0 OUT=eth0 SRC=10.10.10.71 DST=192.43.244.18 LEN=76 TOS=0x00 PREC=0xC0 TTL=248 ID=24731 PROTO=UDP SPT=9876 DPT=123 LEN=56
Nov 5 08:17:41 gateway kernel: [IPTABLES DROP] : IN=eth0 OUT=eth0 SRC=10.10.10.71 DST=192.43.244.18 LEN=76 TOS=0x00 PREC=0xC0 TTL=248 ID=24731 PROTO=UDP SPT=9876 DPT=123 LEN=56
Nov 5 08:17:41 gateway kernel: IN=eth0 OUT=eth0 SRC=10.10.10.72 DST=192.43.244.18 LEN=76 TOS=0x00 PREC=0xC0 TTL=248 ID=35364 PROTO=UDP SPT=9876 DPT=123 LEN=56
Nov 5 08:17:41 gateway kernel: [IPTABLES DROP] : IN=eth0 OUT=eth0 SRC=10.10.10.72 DST=192.43.244.18 LEN=76 TOS=0x00 PREC=0xC0 TTL=248 ID=35364 PROTO=UDP SPT=9876 DPT=123 LEN=56
|
These are about internal hosts 10.10.10.71 and 10.10.10.72 trying to time sync using NTP from 192.43.244.18 (time.nist.gov). Would be safe I think to allow, if you wanted to.
Quote:
Nov 5 08:17:42 gateway kernel: IN=eth0 OUT=eth0 SRC=10.10.10.152 DST=72.14.203.100 LEN=40 TOS=0x00 PREC=0x00 TTL=126 ID=54193 DF PROTO=TCP SPT=3458 DPT=443 WINDOW=64934 RES=0x00 ACK URGP=0
Nov 5 08:17:42 gateway kernel: IN=eth0 OUT=eth0 SRC=10.10.10.119 DST=64.94.18.201 LEN=89 TOS=0x00 PREC=0x00 TTL=126 ID=19850 DF PROTO=TCP SPT=52470 DPT=443 WINDOW=260 RES=0x00 ACK PSH URGP=0
|
These are probably about internal hosts 10.10.10.152 and 10.10.10.119 trying to open SSL (HTTPS) pages at 72.14.203.100 and 64.94.18.201.
All of this is apparently logged (and likely blocked) by your iptables ruleset.
-Bert
