Full Version: PMFirewalls Logs HELP!!!!
4web-space
Hi,
I have installed PMFirewall recently and just updated the rules to "Aussies" which are posted on this forum.

I'm getting a lot of "deny's" in my logs but I'm unsure what is actually being denied and whether it is anything important. Can anyone shed any light on the following (they are from the "messages" log):

(1)
Mar 10 19:33:11 plesk kernel: Packet log: input DENY eth0 PROTO=1 207.218.223.134:8 xx.xxx.xx.xx:0(boxip) L=78 S=0x00 I=60906 F=0x0000 T=126 (#23)

(2)
Mar 10 19:44:11 plesk kernel: Packet log: input DENY eth0 PROTO=6 61.153.34.11:4465 xx.xxx.xx.xx:389(box ip) L=48 S=0x00 I=14258 F=0x4000 T=107 SYN (#55)

(3)
Mar 11 00:31:55 plesk /usr/local/psa/named/sbin/named[707]: client 61.153.34.11#4367: update denied

(4)
Mar 10 05:14:07 plesk kernel: Packet log: input DENY eth0 PROTO=17 216.165.207.182:16803 xx.xxx.xx.xxx:137 (2nd box IP NS) L=78 S=0x00 I=27768 F=0x0000 T=114 (#36)


Any help you can throw on this matter will be appreciated. Thanks

Robbie
bobk
Where it reads xx.xx.xx.xx:yyyy, then yyyy is the port that somebody tried to connect to. So basically, this is just your firewall doing its job.

In (1), it looks like somebody tried to connect on port 0, which either doesn't exist or isn't used. In (2), somebody tried to access LDAP, and a few minutes later (3), they tried to update your DNS servers. Message (3) isn't from the firewall but from the DNS daemon itself. Message (4) is somebody poking to see if you have Windows file sharing turned on.

You can try to track down each offender, but it's generally not worth the trouble. You'll inevitably see these sorts of probes; that's why we use firewalls.
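
Added example (not part of the thread, not PMFirewall's own code): a Python parser for the ipchains "Packet log" lines quoted above that decodes the PROTO number and, for PROTO=1 (ICMP), reads the two port slots as ICMP type and code, which is how ipchains prints them. The 192.0.2.x destinations are constructed placeholders for the redacted box IPs, and the lookup tables cover only values relevant to these lines.

```python
import re

# ipchains "Packet log" line: chain, action, interface, IP protocol number,
# source addr:port, destination addr:port, L/S/I/F/T fields, optional SYN, rule.
LINE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) .*?T=\d+"
    r"(?P<syn> SYN)? \(#(?P<rule>\d+)\)"
)
PROTOS = {1: "icmp", 6: "tcp", 17: "udp"}  # IANA IP protocol numbers
ICMP_TYPES = {0: "echo-reply", 3: "destination-unreachable",
              8: "echo-request", 11: "time-exceeded"}
SERVICES = {53: "dns", 137: "netbios-ns", 389: "ldap"}  # subset, for this log

def parse(line):
    m = LINE.search(line)
    if m is None:
        return None  # not a firewall line (e.g. the named "update denied" entry)
    proto = int(m["proto"])
    rec = {"chain": m["chain"], "action": m["action"], "iface": m["iface"],
           "proto": PROTOS.get(proto, str(proto)), "src": m["src"],
           "dst": m["dst"], "rule": int(m["rule"]), "syn": bool(m["syn"])}
    a, b = int(m["sport"]), int(m["dport"])
    if proto == 1:
        # ICMP has no ports: ipchains logs the ICMP type and code in those slots.
        rec["what"] = f"icmp {ICMP_TYPES.get(a, f'type {a}')} code {b}"
    else:
        rec["sport"], rec["dport"] = a, b
        rec["what"] = f"{rec['proto']} to {SERVICES.get(b, f'port {b}')}"
    return rec

# Constructed sample: the thread's four log lines with the redacted destination
# replaced by documentation addresses and the poster's annotations removed.
SAMPLE = """\
Mar 10 19:33:11 plesk kernel: Packet log: input DENY eth0 PROTO=1 207.218.223.134:8 192.0.2.10:0 L=78 S=0x00 I=60906 F=0x0000 T=126 (#23)
Mar 10 19:44:11 plesk kernel: Packet log: input DENY eth0 PROTO=6 61.153.34.11:4465 192.0.2.10:389 L=48 S=0x00 I=14258 F=0x4000 T=107 SYN (#55)
Mar 11 00:31:55 plesk /usr/local/psa/named/sbin/named[707]: client 61.153.34.11#4367: update denied
Mar 10 05:14:07 plesk kernel: Packet log: input DENY eth0 PROTO=17 216.165.207.182:16803 192.0.2.11:137 L=78 S=0x00 I=27768 F=0x0000 T=114 (#36)
"""

def summarize(text):
    # One "source what" string per firewall line; other log lines are skipped.
    return [f"{r['src']} {r['what']}" for r in map(parse, text.splitlines()) if r]

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE)))
```
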
4web-space
Thanks BOBK very helpful!!!!!!!!!!!!!!!!