
too many tcp ip blocked in messages log

Comments

  • cPanelMichael
    Hello :) It shows most of those connections are to port 3128. Do you have any services running on that port? It's not necessarily an attack on your system, but you may want to install/configure a firewall such as CSF if you have not done so already and are simply using iptables rules. Thank you.
    0
  • upsforum
    I use CSF but 3128 is disabled. I tried with psa but there is no active daemon or software on this port.
    0
  • upsforum
    The rDNS of these IPs are all on psychz.net
    0
  • quietFinn
    [quote="upsforum, post: 1513731"]I use CSF but 3128 is disabled. I tried with psa but there is no active daemon or software on this port.[/quote]
    Indeed, you get those messages because someone is trying to connect to a port closed by your firewall. If you don't want to see those messages in the log you can add that port in DROP_NOLOG.
    0
  • eugenevdm.host
    [quote="quietFinn"]Indeed, you get those messages because someone is trying to connect to a port closed by your firewall. If you don't want to see those messages in the log you can add that port in DROP_NOLOG.[/quote]

    Hi there, I'm a newbie to CSF. My logs display these messages for ports 12504, 1433, 29977, etc. Could you guide me to:
    1. What is the syntax for DROP_NOLOG for a specific port, e.g. block port 1433?
    2. How can I see a list of *all* ports that are currently blocked?
    0
  • quietFinn
    [quote="eugenevdm.host"]Hi there, I'm a newbie to CSF. My logs display these messages for ports 12504, 1433, 29977, etc. Could you guide me to: 1. What is the syntax for DROP_NOLOG for a specific port, e.g. block port 1433? 2. How can I see a list of *all* ports that are currently blocked?[/quote]

    1. In CSF -> Firewall Configuration -> Logging Settings -> DROP_NOLOG
    2. CSF blocks ALL ports, and then opens ports you specify in CSF -> Firewall Configuration -> IPv4 Port Settings -> TCP_IN
    0
  • eugenevdm.host
    Thanks a lot man, I found the documentation for the firewall and created a paranoid DROP_NOLOG list so that the log file can be more quiet:

    DROP_NOLOG= "2:19,23:24,27:36,38:42,44:52,54:79,81:109,111:112,114:142,144:442,444:464,466:578,580:586,588:782,784:872,874:992,994,996:2076,2081,2084:2085,2088,2090:2094,2097:2194,2196:2702,2704:3305,3307:6276,6278:24440,24442:65535"

    The firewall documentation is here:
    0
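
An added example, not part of the original thread and not CSF's own code: a small Python audit of a DROP_NOLOG value like the one posted above. It expands the `port,low:high` syntax, lists the ports that are not silenced, and compares them with a TCP_IN value. `SAMPLE_TCP_IN` and all function names are assumptions made up for illustration.

```python
# Added example: audit a CSF DROP_NOLOG value. Not part of CSF itself.

# DROP_NOLOG value copied from the last comment in the thread.
THREAD_DROP_NOLOG = (
    "2:19,23:24,27:36,38:42,44:52,54:79,81:109,111:112,114:142,144:442,"
    "444:464,466:578,580:586,588:782,784:872,874:992,994,996:2076,2081,"
    "2084:2085,2088,2090:2094,2097:2194,2196:2702,2704:3305,3307:6276,"
    "6278:24440,24442:65535"
)
# Constructed TCP_IN value for illustration only (assumption, not from the thread).
SAMPLE_TCP_IN = ("20,21,22,25,53,80,110,143,443,465,587,993,995,"
                 "2077:2080,2082,2083,2086,2087,2095,2096")


def parse_port_list(value):
    """Expand 'port,low:high,...' into a set of ints, rejecting bad entries."""
    ports = set()
    for item in value.strip().strip('"').split(","):
        item = item.strip()
        if not item:
            continue
        low, sep, high = item.partition(":")
        if sep and not high:
            raise ValueError(f"open-ended range: {item!r}")
        low, high = int(low), int(high or low)
        if not 1 <= low <= high <= 65535:
            raise ValueError(f"port out of range or reversed: {item!r}")
        ports.update(range(low, high + 1))
    return ports


def not_silenced(drop_nolog):
    """Ports absent from DROP_NOLOG: a drop on these still writes a log line."""
    return sorted(set(range(1, 65536)) - parse_port_list(drop_nolog))


def noisy_closed_ports(drop_nolog, tcp_in):
    """Ports that are neither opened in TCP_IN nor silenced by DROP_NOLOG."""
    return sorted(set(not_silenced(drop_nolog)) - parse_port_list(tcp_in))


if __name__ == "__main__":
    print("not silenced:", not_silenced(THREAD_DROP_NOLOG))
    print("closed but still logged:",
          noisy_closed_ports(THREAD_DROP_NOLOG, SAMPLE_TCP_IN))
```

Ports in the second list are the ones whose blocked connection attempts will still appear in the messages log; DROP_NOLOG only suppresses the log line, the packets are dropped either way.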
