Why these connections from 127.0.0.1?

Christian Hiris 4711 at chello.at
Thu Dec 2 10:56:45 PST 2004


On Thursday 02 December 2004 17:21, Jonathon McKitrick wrote:
> On Thu, Dec 02, 2004 at 01:20:49PM -0300, Fernando Gleiser wrote:
> : In the original case, it seems he is not running those services. When
> : sendmail (or whatever mta he's using) tries to make an ident lookup, it
> : fails and log in vain logs the connection attempt to the closed port (it
> : only logs attempts to connect to closed ports). Same for biff, something
> : tries to query biff, the connection is refused because it isn't
> : listening, log in vain logs it. That simple, I wouldn't worry about it
>
> I'm running a local sendmail just to forward root mail to my user account.
> The rest of my mail comes from remote accounts or POP3.

If you don't like to read the messages in your logs, you can add two firewall 
rules to your firewall-config (assuming you run ipfw):

${fwcmd} add 90 reject tcp from 127.0.0.1 to 127.0.0.1 113 via lo0
${fwcmd} add 91 reject udp from 127.0.0.1 to 127.0.0.1 512 via lo0

The rules must be placed before the rule where you allow all traffic that goes 
via lo0: 

# ipfw show | grep lo0
00090  1  64 reject tcp from 127.0.0.1 to 127.0.0.1 dst-port 113 via lo0
00091  0   0 reject tcp from 127.0.0.1 to 127.0.0.1 dst-port 512 via lo0
00100  0   0 allow ip from any to any via lo0

Because the packets are rejected by the firewall now, they do not reach the 
point where the kernel processes the code for sysctl MIB log_in_vain on the 
packets. So they are no longer logged.

Rejecting may spare sendmail a 60-second delay, because it no longer
needs to wait for an identd reply. I don't know too much about the sendmail
code, so I'm not 100 pct. sure about how sendmail handles identd timeouts.

When you run a small home network, it's more of an academic discussion; you
can probably live with this as is.

-- 
Christian Hiris <4711 at chello.at> | OpenPGP KeyID 0x3BCA53BE 
OpenPGP-Key at hkp://wwwkeys.eu.pgp.net and http://pgp.mit.edu
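
Added example (not part of the original message): a small Python check of ipfw's first-match ordering, run over the `ipfw show` listing quoted in the message. The parser only understands the simple rule shape seen in that listing, and the function names are this example's own.

```python
import re

# Listing copied from the `ipfw show | grep lo0` output in the message above.
IPFW_SHOW = """\
00090  1  64 reject tcp from 127.0.0.1 to 127.0.0.1 dst-port 113 via lo0
00091  0   0 reject tcp from 127.0.0.1 to 127.0.0.1 dst-port 512 via lo0
00100  0   0 allow ip from any to any via lo0
"""

# Assumption: only "<num> <pkts> <bytes> <action> <proto> from A to B
# [dst-port N] [via IF]" is handled, not the full ipfw rule grammar.
RULE_RE = re.compile(
    r"^(?P<num>\d+)\s+\d+\s+\d+\s+(?P<action>\S+)\s+(?P<proto>\S+)\s+"
    r"from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)"
    r"(?:\s+dst-port\s+(?P<port>\d+))?(?:\s+via\s+(?P<iface>\S+))?\s*$"
)


def parse_rules(listing):
    """Return the rules as dicts, in the order ipfw evaluates them."""
    rules = []
    for line in listing.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rule = m.groupdict()
            rule["num"] = int(rule["num"])
            rule["port"] = int(rule["port"]) if rule["port"] else None
            rules.append(rule)
    return sorted(rules, key=lambda r: r["num"])  # stable: ties keep order


def first_match(rules, proto, src, dst, port, iface="lo0"):
    """Return (rule number, action) of the first rule the packet hits."""
    for r in rules:
        if (r["proto"] in ("ip", "all", proto)
                and r["src"] in ("any", src)
                and r["dst"] in ("any", dst)
                and r["port"] in (None, port)
                and r["iface"] in (None, iface)):
            return r["num"], r["action"]
    return None  # no listed rule matched


if __name__ == "__main__":
    rules = parse_rules(IPFW_SHOW)
    for proto, port in (("tcp", 113), ("udp", 512)):
        hit = first_match(rules, proto, "127.0.0.1", "127.0.0.1", port)
        print(f"{proto}/{port} on lo0 -> {hit}")
```

On the listing as posted, TCP to port 113 stops at rule 90, while a UDP packet to port 512 falls through to rule 100, because rule 91 is printed there with `tcp`.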


More information about the freebsd-questions mailing list