
Thread: SFW2-INext-DROP-DEFLT in journalctl

  1. #1
    Join Date
    Apr 2016
    Location
    North America
    Posts
    537

    SFW2-INext-DROP-DEFLT in journalctl

    I'm trying to eliminate journal entries like:

    SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=x SRC=x DST=x LEN=44 TOS=0x00 PREC=0x00 TTL=128 ID=666

    Where the SRC is one of two computers (running Windows) hooked up to the router, and DST is my IP.
    Interestingly the one running macOS doesn't seem involved.

    I found https://forums.opensuse.org/showthre...DEFLT-in-dmesg

    I tried
    systemctl disable avahi-daemon.service
    systemctl disable avahi-daemon.socket

    And removed
    mdns_minimal [NOTFOUND=return]
    from /etc/nsswitch.conf

    But I'm still getting those log entries after a reboot.

    Do I need to just add
    mdns off
    at the bottom of nsswitch.conf or host.conf?

    How can I eliminate this?

  2. #2
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    23,704
    Blog Entries
    1

    Re: SFW2-INext-DROP-DEFLT in journalctl

    It isn't a configuration on your host that attracts these packets. The firewall is doing what it is supposed to do and dropping unsolicited traffic. You've obscured the source address and destination port details, so we can only guess as to whether it is related to SNMP, Bonjour, or some other protocol. A Wireshark packet capture could also be used to tell you more.

  3. #3
    Join Date
    Apr 2016
    Location
    North America
    Posts
    537

    Re: SFW2-INext-DROP-DEFLT in journalctl

    Thanks; that makes sense.

    So I guess I need to either figure out how to accept the traffic
    or prevent it from happening.

    My first thought is that those two Windows PCs are set up to print from a common machine.
    Could this be part of them constantly probing for that printer?
    I don't know much about networking. >_<

  4. #4
    Join Date
    Apr 2016
    Location
    North America
    Posts
    537

    Re: SFW2-INext-DROP-DEFLT in journalctl

    I turned off "network discovery" on one of the other computers but kept receiving traffic from that IP.

  5. #5
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    23,704
    Blog Entries
    1

    Re: SFW2-INext-DROP-DEFLT in journalctl

    Originally Posted by ravas
    Thanks; that makes sense.

    So I guess I need to either figure out how to accept the traffic
    or prevent it from happening.

    My first thought is that those two Windows PCs are set up to print from a common machine.
    Could this be part of them constantly probing for that printer?
    I don't know much about networking. >_<

    Well, I suggest posting the log entries unadulterated, so that we can at least see the destination port associated and advise further. Otherwise we can only speculate.

  6. #6
    Join Date
    Apr 2016
    Location
    North America
    Posts
    537

    Re: SFW2-INext-DROP-DEFLT in journalctl

    DST=
    is my inet addr as returned by ifconfig eth0

  7. #7
    Join Date
    Apr 2016
    Location
    North America
    Posts
    537

    Re: SFW2-INext-DROP-DEFLT in journalctl

    Could it be because I didn't open the "ssh port" on install?

  8. #8
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    23,704
    Blog Entries
    1

    Re: SFW2-INext-DROP-DEFLT in journalctl

    Originally Posted by ravas
    Could it be because I didn't open the "ssh port" on install?

    I doubt that very much. You still haven't shared the destination port (DPT=...) info.

    Is the logging really bothering you? Perhaps just adjust the firewall logging....
    https://forums.opensuse.org/showthre...74#post2846774
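
An added example, not part of the thread: a small Python parser that pulls SRC, PROTO and DPT out of SFW2-INext-DROP-DEFLT lines and counts them per sender, which is the information the replies above ask for. The sample lines, addresses and the port hint table are constructed for illustration; pipe `journalctl -k` into the script to use real data.

```python
import re
import sys
from collections import Counter

PREFIX = "SFW2-INext-DROP-DEFLT"            # log prefix quoted in the thread
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value; value may be empty (OUT=)
# Hint table (assumption: a few well-known ports only, not exhaustive).
PORT_HINTS = {
    ("UDP", 137): "NetBIOS name service",
    ("UDP", 161): "SNMP",
    ("UDP", 1900): "SSDP",
    ("UDP", 5353): "mDNS (Bonjour/Avahi)",
    ("UDP", 5355): "LLMNR",
}

def parse_drop(line):
    """Return (src, proto, dpt) for a default-drop line, or None if unusable."""
    if PREFIX not in line:
        return None
    fields = dict(FIELD_RE.findall(line.split(PREFIX, 1)[1]))
    if "SRC" not in fields or "PROTO" not in fields:
        return None  # truncated line: nothing to identify the protocol with
    dpt = fields.get("DPT", "")  # ICMP and similar protocols carry no port
    return fields["SRC"], fields["PROTO"], int(dpt) if dpt.isdigit() else None

def summarize(lines):
    """Count drops per (src, proto, dpt), most frequent first."""
    return Counter(filter(None, map(parse_drop, lines))).most_common()

def hint(proto, dpt):
    """Name the likely service for a protocol/port pair, if it is in the table."""
    return PORT_HINTS.get((proto, dpt), "unknown")

# Constructed sample journal lines (addresses, ports and timestamps are made up).
HEAD = "Apr 01 10:00:00 host kernel: " + PREFIX + " IN=eth0 OUT= MAC= "
SAMPLE = [
    HEAD + "SRC=192.168.1.20 DST=192.168.1.10 LEN=78 TTL=128 ID=666 PROTO=UDP SPT=137 DPT=137 LEN=58",
    HEAD + "SRC=192.168.1.20 DST=192.168.1.10 LEN=78 TTL=128 ID=667 PROTO=UDP SPT=137 DPT=137 LEN=58",
    HEAD + "SRC=192.168.1.21 DST=192.168.1.10 LEN=71 TTL=128 ID=12 PROTO=UDP SPT=50123 DPT=161 LEN=51",
    HEAD + "SRC=192.168.1.21 DST=192.168.1.10 LEN=60 TTL=128 ID=13 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1",
    "Apr 01 10:00:05 host systemd[1]: Started Session 3 of user root.",
]

if __name__ == "__main__":
    # Use piped input when present, otherwise fall back to the sample lines.
    lines = SAMPLE if sys.stdin.isatty() else sys.stdin
    for (src, proto, dpt), n in summarize(lines):
        print(f"{n:5d}  {src:15s}  {proto}/{dpt}  {hint(proto, dpt)}")
```

A line cut off before PROTO=, like the one quoted in the first post, is skipped because it carries nothing that identifies the protocol.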

  9. #9
    Join Date
    Apr 2016
    Location
    North America
    Posts
    537

    Re: SFW2-INext-DROP-DEFLT in journalctl

    I replied in the other thread by mistake.

    Anyhow... I really appreciate the help!

  10. #10
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    13,295
    Blog Entries
    2

    Re: SFW2-INext-DROP-DEFLT in journalctl

    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!
