On 1.4.2011 17:20, Michael D. Berger wrote:
> On my CentOS box that I use mainly as a web server, I have iptables
> set to log and reject anything that I don't expect. So lately,
> I have been getting things like this:
>
>
> Mar 29 17:27:20 mbrc20 kernel: IPT-DROP IN= OUT=lo SRC=192.168.9.20
> DST=192.168.9.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=46910 DF PROTO=TCP
> SPT=56624 DPT=80 WINDOW=32792 RES=0x00 SYN URGP=0 OPT
> (0204400C0402080A4A26F7A50000000001030307) UID=0
>
> that on at least one occasion repeated every few seconds for
> more than three hours. The ephemeral source port keeps changing in an
> irregular manner.
>
> Any suggestions?

Too restrictive

OUT=lo

This is the loopback device!
Add a rule that allows traffic from and to lo

-- 
Kind Regards, Markus Falb
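
Added example, not part of the original thread: a shell sketch that first confirms from the log which drops are loopback traffic (and which port and local UID they belong to), then applies the fix suggested in the reply. The function names, the second sample log line, and inserting the rules at position 1 are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample input: line 1 is the entry quoted in the thread, rejoined
# onto one line; line 2 is a made-up drop on eth0 (documentation address).
SAMPLE_LOG='Mar 29 17:27:20 mbrc20 kernel: IPT-DROP IN= OUT=lo SRC=192.168.9.20 DST=192.168.9.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=46910 DF PROTO=TCP SPT=56624 DPT=80 WINDOW=32792 RES=0x00 SYN URGP=0 OPT (0204400C0402080A4A26F7A50000000001030307) UID=0
Mar 29 17:27:25 mbrc20 kernel: IPT-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.9.20 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1234 DF PROTO=TCP SPT=40000 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0'

# Summarise IPT-DROP entries whose IN= or OUT= interface is lo.
# Output: "<count> <proto> dport=<port> uid=<uid>", one line per combination.
loopback_drops() {
    awk '
    /IPT-DROP/ {
        split("", f)                     # reset the per-line field map
        for (i = 1; i <= NF; i++) {      # keep KEY=VALUE tokens; flags such as SYN are skipped
            eq = index($i, "=")
            if (eq) f[substr($i, 1, eq - 1)] = substr($i, eq + 1)
        }
        if (f["IN"] != "lo" && f["OUT"] != "lo") next
        uid = ("UID" in f) ? f["UID"] : "?"   # UID= is only logged with --log-uid
        n[f["PROTO"] " dport=" f["DPT"] " uid=" uid]++
    }
    END { for (k in n) print n[k], k }
    ' | sort
}

# The fix from the reply: accept traffic from and to lo before the LOG/REJECT
# rules are reached. Needs root. Position 1 is an assumption about the ruleset.
allow_loopback() {
    iptables -I INPUT 1 -i lo -j ACCEPT
    iptables -I OUTPUT 1 -o lo -j ACCEPT
}

# Demo on the constructed sample; allow_loopback is deliberately not called here.
printf '%s\n' "$SAMPLE_LOG" | loopback_drops
```

On the sample, only the thread's entry is reported: a local process running as UID 0 connecting to the box's own port 80, which is traffic the ruleset should accept rather than log and reject.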