24 Jul
2019
24 Jul
'19
5:04 p.m.
< IP 0.0.0.0.5678 > 255.255.255.255.5678: UDP, length 106 >
Hello,
They say a little knowledge is dangerous !
At the moment at my tunl0 ( remote location ) I am getting groups of
five of the above line every minute in my recently installed gateway.
I have tried without success to stop it appearing using iptables with
< -A INPUT -p udp -i tunl0 --sport 5678 -j DROP >.
It shows as dropped when I monitor iptables but still appears when
using tcpdump at the same time.
It can be stopped by removing my ipencap entry but that stops my
ampr-ripd reception was well.
Is this just something I have to accept or is there a solution ?
Regards,
Ian..
24 Jul
24 Jul
5:12 p.m.
You will always see that in your tcpdumo as tcpdump works on the kernel level and before
the packet hits the firewall.
But this means that some of the users do not properly filter their neighbour discovery on
mikrotik and do not have sufficient firewall rules to prevent mikrotik neighbour
discovery
Ruben - ON3RVH
On 24 Jul 2019, at 18:08, Ian via 44Net
<44net(a)mailman.ampr.org> wrote:
< IP 0.0.0.0.5678 > 255.255.255.255.5678: UDP, length 106 >
Hello,
They say a little knowledge is dangerous !
At the moment at my tunl0 ( remote location ) I am getting groups of five of the above
line every minute in my recently installed gateway.
I have tried without success to stop it appearing using iptables with < -A INPUT -p
udp -i tunl0 --sport 5678 -j DROP >.
It shows as dropped when I monitor iptables but still appears when using tcpdump at the
same time.
It can be stopped by removing my ipencap entry but that stops my ampr-ripd reception was
well.
Is this just something I have to accept or is there a solution ?
Regards,
Ian..
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
5:43 p.m.
Thank you Ruben,
So I can use tcpdump to see what adjustments I want/need to make and
when I add an entry to iptables and I monitor iptables and see the
action I was expecting, ( in this case dropped packets ) then my
iptable entry has been correctly configured.
Regards,
Ian..
Quoting Ruben ON3RVH via 44Net <44net(a)mailman.ampr.org>rg>:
You will always see that in your tcpdumo as tcpdump
works on the
kernel level and before the packet hits the firewall.
But this means that some of the users do not properly filter their
neighbour discovery on mikrotik and do not have sufficient firewall
rules to prevent mikrotik neighbour discovery
Ruben - ON3RVH
6:36 p.m.
That is indeed correct Ian
Ruben - ON3RVH
On 24 Jul 2019, at 18:44, Ian via 44Net
<44net(a)mailman.ampr.org> wrote:
Thank you Ruben,
So I can use tcpdump to see what adjustments I want/need to make and when I add an entry
to iptables and I monitor iptables and see the action I was expecting, ( in this case
dropped packets ) then my iptable entry has been correctly configured.
Regards,
Ian..
Quoting Ruben ON3RVH via 44Net <44net(a)mailman.ampr.org>rg>:
You will always see that in your tcpdumo as
tcpdump works on the kernel level and before the packet hits the firewall.
But this means that some of the users do not properly filter their neighbour discovery on
mikrotik and do not have sufficient firewall rules to prevent mikrotik neighbour
discovery
Ruben - ON3RVH
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
1748
days inactive
1748
days old
3 comments
2 participants
participants (2)
-
gm4upx@gb7jd.co.uk -
Ruben ON3RVH