In the last month or so, my /var/log/messages becomes flooded with errors like this:
Code: Select all
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=04:01:07:8a:00:01:00:24:38:ab:b6:00:08:00 SRC=117.41.166.216 DST=82.196.0.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=105 ID=256 PROTO=TCP SPT=6000 DPT=9200 WINDOW=16384 RES=0x00 SYN URGP=0
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=04:01:07:8a:00:01:00:24:38:ab:b6:00:08:00 SRC=61.160.224.129 DST=82.196.0.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=35352 DPT=3128 WINDOW=65535 RES=0x00 SYN URGP=0
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=04:01:07:8a:00:01:00:24:38:ab:55:00:08:00 SRC=221.194.44.172 DST=82.196.0.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=102 ID=256 PROTO=TCP SPT=6000 DPT=3306 WINDOW=16384 RES=0x00 SYN URGP=0
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=04:01:07:8a:00:01:00:24:38:ab:b6:00:08:00 SRC=218.2.0.129 DST=82.196.0.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=108 ID=256 PROTO=TCP SPT=6000 DPT=22 WINDOW=16384 RES=0x00 SYN URGP=0
Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=04:01:07:8a:00:01:00:24:38:ab:b6:00:08:00 SRC=78.96.82.4 DST=82.196.0.XXX LEN=76 TOS=0x00 PREC=0x00 TTL=53 ID=0 DF PROTO=UDP SPT=53 DPT=42047 LEN=56
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=04:01:07:8a:00:01:00:24:38:ab:b6:00:08:00 SRC=218.77.79.38 DST=82.196.0.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=59851 DPT=8081 WINDOW=65535 RES=0x00 SYN URGP=0
Where can I disable it? (I just want to know if someone connects to SSH/SFTP).
My CSF config file is here: http://hetz.me/obp1x
Thanks