hi guys,

I have just configured an arno's iptables firewall on redhat9 and these are logs am getting from my /var/log/messages.

Connection attempt (PRIV): IN=ppp0 OUT= MAC= SRC=x.x.x.x DST=x.x.x.x LEN=458 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=56228 DPT=1027 LEN=438
Connection attempt (PRIV): IN=ppp0 OUT= MAC= SRC=x.x.x.x DST=x.x.x.x LEN=458 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=56229 DPT=1026 LEN=438
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=x.x.x.x DST=x.x.x.x LEN=48 TOS=0x00 PREC=0x00 TTL=108 ID=23827 DF PROTO=TCP SPT=3292 DPT=1608 WINDOW=32000 RES=0x00 SYN URGP=0

What does this mean? Is there any difference betwwen PRIV and UNPRIV? what happening here?

they are attempts from a source to conenct to a destination which is matching a rule on your iptables setup. now i'd have to assume that you have a 56k modem and a connection to your isp and you're being port scanned... PRIV means a port under 1024, UNPRIV means a port over it. the first 1024 ports are theoretically reserved for priveleged services, not services that a normal user may be able to start.

if you wish to stop these messages, i think it's a case of running "dmesg -n1" to change the sensitivity of the kernel log ring buffer