> Since I've setup some strict rules for my firewall, I periodically
> get the foolowing lines in messages:
> Dec 10 14:01:13 evp kernel: IP fw-in deny eth0 UDP 0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=13057 F=0x0000 T=128
[lots of similar lines snipped]
> As you can see, the sequence is quite stable - every ~5min 8 messages one
> after another in 6 sec intervals.
> What could it mean? (besides it has something to do with the firewall)
> And which process emits requests which become denied?
cerise:~$ grep '6' /etc/services
bootps 67/tcp # BOOTP server
bootpc 68/tcp # BOOTP client
Clearly one (or more) of the hosts on the LAN is trying to configure
itself using BOOTP. You can't tell which host, because it doesn't have
an IP address yet (if it did, it wouldn't be using BOOTP).
You might wish to disable logging of broadcast packets.
-- Glynn Clements <email@example.com>
- To unsubscribe from this list: send the line "unsubscribe linux-net" in the body of a message to firstname.lastname@example.org