Difference between revisions of "Firewall Logs"

From Atomicorp Wiki
Line 1: Line 1:
 
= Kernel firewall log headers =
 
= Kernel firewall log headers =
  
== ASL_AR_DROP ==
+
== Automatic Blocks ==
  
ASL has blocked packets from an IP that was automatically shunned by ASL.
+
=== ASL_AR_DROP ===
  
 +
ASL has blocked packets from an IP that was automatically shunned by ASL.ASL_AUTOSHUN_BLOCK
  
 +
== User Definied Blocks ==
  
== DROP_ASL_GSCAN ==
+
==ASL_SMTP_OUT==
 +
 
 +
ASL has blocked a user that you have not authorized from sending SMTP traffic outbound.  ASL does not block any users from sending SMTP traffic outbound by default.
 +
 
 +
=== ASL_BLACKLIST_BLOCK ===
 +
 
 +
ASL has blocked traffic from an IP that you placed on the ASL blacklist.  This blacklist is manually created by the user, and ASL will not add IPs to this blacklist.  The blacklist is empty by default.
 +
 
 +
===ASL_GEO_BLOCK===
 +
 
 +
ASL has blocked traffic from a country that you have configured ASL to block via ASLs geoblocking.  This is manually configured by the user, and ASL will not automatically add countries to the geoblocking lists.  No countries are blocked by default.
 +
 
 +
=== DROP_ASL_RATE ===
 +
 
 +
The [[Ratelimit]] you configured for this port have been exceeded.  ASL does not set any rate limits by default.
 +
 
 +
=== DROP_ASL_INPUT ===
 +
ASL has dropped a packet because you have configured it to do this.  ASL does not block connections to any ports by default.
 +
 
 +
 
 +
== RBLS ==
 +
 
 +
=== ASL_AUTOSHUN_BLOCK ===
 +
 
 +
ASL has blocked an IP that is on the autoshun RBL list because you have configured ASL to block IPs from this RBL.  ASL does not block this by default.
 +
 
 +
=== ASL_CIARMY_BLOCK ===
 +
 
 +
ASL has blocked an IP that is on the ciarmy RBL list because you have configured ASL to block IPs from this RBL.  ASL does not block this by default.
 +
 
 +
===ASL_DSHIELD_BLOCK===
 +
 
 +
ASL has blocked an IP that is on the dshield RBL list because you have configured ASL to block IPs from this RBL.  ASL does not block this by default.
 +
 
 +
===ASL_ELASSO_BLOCK===
 +
 
 +
ASL has blocked an IP that is on the spamhaus elasso RBL list because you have configured ASL to block IPs from this RBL.  ASL does not block this by default.
 +
 
 +
===ASL_LASSO_BLOCK===
 +
 
 +
ASL has blocked an IP that is on the spamhaus lasso RBL list because you have configured ASL to block IPs from this RBL.  ASL does not block this by default.
 +
 
 +
===ASL_EMERGING_THREATS_BLOCK===
 +
 
 +
ASL has blocked an IP that is on the emerging threats RBL list because you have configured ASL to block IPs from this RBL.  ASL does not block this by default.
 +
 
 +
===ASL_OPENBL_BLOCK===
 +
 
 +
ASL has blocked an IP that is on the openbl RBL list because you have configured ASL to block IPs from this RBL.  ASL does not block this by default.
 +
 
 +
===ASL_OPENPROXIES_BLOCK===
 +
 
 +
ASL has blocked an IP that is on the openproxies RBL list because you have configured ASL to block IPs from this RBL.  ASL does not block this by default.
 +
 
 +
== Bad Packets ==
 +
 
 +
===ASL_INVALID_INPUT===
 +
 
 +
ASL had dropped an incoming invalid packet.
 +
 
 +
===ASL_INVALID_FWD===
 +
 
 +
ASL had dropped an invalid packet in the FORWARD chain.
 +
 
 +
===ASL_INVALID_OUTPUT===
 +
 
 +
ASL had dropped an outgoing invalid packet.
 +
 
 +
== Port scans ==
 +
 
 +
 
 +
 
 +
=== DROP_ASL_GSCAN ===
 
ASL has detected a potential banner grab portscan.
 
ASL has detected a potential banner grab portscan.
  
== DROP_ASL_CNSCAN ==
+
=== DROP_ASL_CNSCAN ===
  
 
ASL has detected and blocked a connect() portscan.
 
ASL has detected and blocked a connect() portscan.
  
== DROP_ASL_SSCAN ==
+
=== DROP_ASL_SSCAN ===
 
ASL has detected and blocked a potential SYN portscan.
 
ASL has detected and blocked a potential SYN portscan.
  
== DROP_ASL_STSCAN ==
+
=== DROP_ASL_STSCAN ===
  
 
ASL has detected and blocked a stealth portscan.
 
ASL has detected and blocked a stealth portscan.
  
== DROP_ASL_RATE ==
 
  
The [[Ratelimit]] you configured for this port have been exceeded.  ASL does not set any rate limits by default.
+
=== DROP_ASL_MSS ===
 
+
== DROP_ASL_MSS ==
+
  
 
ASL has detected a packet that is too small to be valid.
 
ASL has detected a packet that is too small to be valid.
 
== DROP_ASL_INPUT ==
 
ASL has dropped a packet because you have configured it to do this.  ASL does not block connections to any ports by default.
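Review bot: the new heading `==ASL_SMTP_OUT==` is level 2, while every other log header added under "User Definied Blocks" is level 3 (for example `=== ASL_BLACKLIST_BLOCK ===`), so it will render as a sibling of the section instead of an entry inside it; change it to `=== ASL_SMTP_OUT ===`. The section title itself is misspelled ("Definied" should be "Defined"). The ASL_AR_DROP description now ends with a stray "ASL_AUTOSHUN_BLOCK" fused onto the sentence; drop it or turn it into a proper cross-reference. The three "Bad Packets" entries say "ASL had dropped" where the rest of the page uses "ASL has".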
 

Revision as of 18:13, 15 March 2014


Kernel firewall log headers

Automatic Blocks

ASL_AR_DROP

ASL has blocked packets from an IP that was automatically shunned by ASL.

User Defined Blocks

ASL_SMTP_OUT

ASL has blocked a user that you have not authorized from sending SMTP traffic outbound. ASL does not block any users from sending SMTP traffic outbound by default.

ASL_BLACKLIST_BLOCK

ASL has blocked traffic from an IP that you placed on the ASL blacklist. This blacklist is manually created by the user, and ASL will not add IPs to this blacklist. The blacklist is empty by default.

ASL_GEO_BLOCK

ASL has blocked traffic from a country that you have configured ASL to block via ASL's geoblocking. This is manually configured by the user, and ASL will not automatically add countries to the geoblocking lists. No countries are blocked by default.

DROP_ASL_RATE

The Ratelimit you configured for this port has been exceeded. ASL does not set any rate limits by default.

DROP_ASL_INPUT

ASL has dropped a packet because you have configured it to do this. ASL does not block connections to any ports by default.


RBLs

ASL_AUTOSHUN_BLOCK

ASL has blocked an IP that is on the autoshun RBL list because you have configured ASL to block IPs from this RBL. ASL does not block this by default.

ASL_CIARMY_BLOCK

ASL has blocked an IP that is on the ciarmy RBL list because you have configured ASL to block IPs from this RBL. ASL does not block this by default.

ASL_DSHIELD_BLOCK

ASL has blocked an IP that is on the dshield RBL list because you have configured ASL to block IPs from this RBL. ASL does not block this by default.

ASL_ELASSO_BLOCK

ASL has blocked an IP that is on the spamhaus elasso RBL list because you have configured ASL to block IPs from this RBL. ASL does not block this by default.

ASL_LASSO_BLOCK

ASL has blocked an IP that is on the spamhaus lasso RBL list because you have configured ASL to block IPs from this RBL. ASL does not block this by default.

ASL_EMERGING_THREATS_BLOCK

ASL has blocked an IP that is on the emerging threats RBL list because you have configured ASL to block IPs from this RBL. ASL does not block this by default.

ASL_OPENBL_BLOCK

ASL has blocked an IP that is on the openbl RBL list because you have configured ASL to block IPs from this RBL. ASL does not block this by default.

ASL_OPENPROXIES_BLOCK

ASL has blocked an IP that is on the openproxies RBL list because you have configured ASL to block IPs from this RBL. ASL does not block this by default.

Bad Packets

ASL_INVALID_INPUT

ASL has dropped an incoming invalid packet.

ASL_INVALID_FWD

ASL has dropped an invalid packet in the FORWARD chain.

ASL_INVALID_OUTPUT

ASL has dropped an outgoing invalid packet.

Port scans

DROP_ASL_GSCAN

ASL has detected a potential banner grab portscan.

DROP_ASL_CNSCAN

ASL has detected and blocked a connect() portscan.

DROP_ASL_SSCAN

ASL has detected and blocked a potential SYN portscan.

DROP_ASL_STSCAN

ASL has detected and blocked a stealth portscan.


DROP_ASL_MSS

ASL has detected a packet that is too small to be valid.
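
The headers above can be used to triage a kernel log by category, separating blocks the operator configured from detections ASL made on its own. The following is an added example, not part of the ASL documentation or code: it assumes the header is written as a netfilter LOG prefix followed by `SRC=<ip>`, and the sample lines, addresses and the `ASL_FUTURE_RULE` header are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Header -> category, following the section headings on this page.
CATEGORIES = {
    "ASL_AR_DROP": "automatic",
    "ASL_SMTP_OUT": "user-defined", "ASL_BLACKLIST_BLOCK": "user-defined",
    "ASL_GEO_BLOCK": "user-defined", "DROP_ASL_RATE": "user-defined",
    "DROP_ASL_INPUT": "user-defined",
    "ASL_INVALID_INPUT": "bad-packet", "ASL_INVALID_FWD": "bad-packet",
    "ASL_INVALID_OUTPUT": "bad-packet",
    "DROP_ASL_GSCAN": "port-scan", "DROP_ASL_CNSCAN": "port-scan",
    "DROP_ASL_SSCAN": "port-scan", "DROP_ASL_STSCAN": "port-scan",
    "DROP_ASL_MSS": "port-scan",
}
for rbl in ("AUTOSHUN", "CIARMY", "DSHIELD", "ELASSO", "LASSO",
            "EMERGING_THREATS", "OPENBL", "OPENPROXIES"):
    CATEGORIES[f"ASL_{rbl}_BLOCK"] = "rbl"

# Assumed layout: "<header> IN=... SRC=<ip> ..." (netfilter LOG target style).
LINE_RE = re.compile(r"\b((?:DROP_ASL|ASL)_[A-Z_]+)\b.*?\bSRC=(\S+)")

def classify(line):
    """Return (header, category, source_ip), or None for non-ASL lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    header, src = m.groups()
    # Headers not documented on this page are kept, not silently dropped.
    return header, CATEGORIES.get(header, "unknown"), src

def summarize(lines):
    """Count hits per source IP within each category."""
    out = defaultdict(Counter)
    for hit in filter(None, map(classify, lines)):
        out[hit[1]][hit[2]] += 1
    return dict(out)

# Constructed sample input (documentation address ranges).
SAMPLE = [
    "Mar 15 18:13:01 host kernel: DROP_ASL_SSCAN IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=22",
    "Mar 15 18:13:02 host kernel: DROP_ASL_SSCAN IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=23",
    "Mar 15 18:13:05 host kernel: ASL_DSHIELD_BLOCK IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP DPT=80",
    "Mar 15 18:13:09 host kernel: ASL_SMTP_OUT IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.25 PROTO=TCP DPT=25",
    "Mar 15 18:13:10 host kernel: ASL_FUTURE_RULE IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=UDP",
    "Mar 15 18:13:11 host sshd[1]: Accepted publickey for admin",
]

if __name__ == "__main__":
    for category, sources in summarize(SAMPLE).items():
        print(category, dict(sources))
```

Hits in the "unknown" category point to headers added after this revision of the page and are worth checking against the current ASL documentation.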
