< IP 0.0.0.0.5678 > 255.255.255.255.5678: UDP, length 106 >
Hello,
They say a little knowledge is dangerous !
At the moment at my tunl0 ( remote location ) I am getting groups of five of the above line every minute in my recently installed gateway.
I have tried without success to stop it appearing using iptables with < -A INPUT -p udp -i tunl0 --sport 5678 -j DROP >.
It shows as dropped when I monitor iptables but still appears when using tcpdump at the same time.
It can be stopped by removing my ipencap entry but that stops my ampr-ripd reception was well.
Is this just something I have to accept or is there a solution ?
Regards, Ian..
You will always see that in your tcpdumo as tcpdump works on the kernel level and before the packet hits the firewall. But this means that some of the users do not properly filter their neighbour discovery on mikrotik and do not have sufficient firewall rules to prevent mikrotik neighbour discovery
Ruben - ON3RVH
On 24 Jul 2019, at 18:08, Ian via 44Net 44net@mailman.ampr.org wrote:
< IP 0.0.0.0.5678 > 255.255.255.255.5678: UDP, length 106 >
Hello,
They say a little knowledge is dangerous !
At the moment at my tunl0 ( remote location ) I am getting groups of five of the above line every minute in my recently installed gateway.
I have tried without success to stop it appearing using iptables with < -A INPUT -p udp -i tunl0 --sport 5678 -j DROP >.
It shows as dropped when I monitor iptables but still appears when using tcpdump at the same time.
It can be stopped by removing my ipencap entry but that stops my ampr-ripd reception was well.
Is this just something I have to accept or is there a solution ?
Regards, Ian..
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
Thank you Ruben,
So I can use tcpdump to see what adjustments I want/need to make and when I add an entry to iptables and I monitor iptables and see the action I was expecting, ( in this case dropped packets ) then my iptable entry has been correctly configured.
Regards, Ian..
Quoting Ruben ON3RVH via 44Net 44net@mailman.ampr.org:
You will always see that in your tcpdumo as tcpdump works on the kernel level and before the packet hits the firewall. But this means that some of the users do not properly filter their neighbour discovery on mikrotik and do not have sufficient firewall rules to prevent mikrotik neighbour discovery
Ruben - ON3RVH
That is indeed correct Ian
Ruben - ON3RVH
On 24 Jul 2019, at 18:44, Ian via 44Net 44net@mailman.ampr.org wrote:
Thank you Ruben,
So I can use tcpdump to see what adjustments I want/need to make and when I add an entry to iptables and I monitor iptables and see the action I was expecting, ( in this case dropped packets ) then my iptable entry has been correctly configured.
Regards, Ian..
Quoting Ruben ON3RVH via 44Net 44net@mailman.ampr.org:
You will always see that in your tcpdumo as tcpdump works on the kernel level and before the packet hits the firewall. But this means that some of the users do not properly filter their neighbour discovery on mikrotik and do not have sufficient firewall rules to prevent mikrotik neighbour discovery
Ruben - ON3RVH
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
-
gm4upx@gb7jd.co.uk -
Ruben ON3RVH