Since I reinstalled my OS, I have been getting lots of UDP_IN Blocked errors in my messages log. Can anyone kindly explain what the error means exactly and what I can do to get rid of it?
Aug 8 22:02:19 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:f6:f3:49:7e:0a:54:08:00 SRC=178.162.xxx.xx DST=178.162.xxx.xxx LEN=131 TOS=0x00 PREC=0x00 TTL=128 ID=11061 PROTO=UDP SPT=17500 DPT=17500 LEN=111
Aug 8 22:02:22 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:ba:08:45:88:fc:a1:08:00 SRC=192.168.x.xx DST=255.255.255.255 LEN=68 TOS=0x00 PREC=0x00 TTL=128 ID=13132 PROTO=UDP SPT=58878 DPT=1947 LEN=48
Aug 8 22:02:49 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:f6:f3:49:7e:0a:54:08:00 SRC=178.162.xxx.xx DST=255.255.255.255 LEN=131 TOS=0x00 PREC=0x00 TTL=128 ID=12046 PROTO=UDP SPT=17500 DPT=17500 LEN=111
Aug 8 22:02:49 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:f6:f3:49:7e:0a:54:08:00 SRC=178.162.xxx.xx DST=178.162.xxx.xxx LEN=131 TOS=0x00 PREC=0x00 TTL=128 ID=12047 PROTO=UDP SPT=17500 DPT=17500 LEN=111
Aug 8 22:03:01 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:ba:08:45:88:fc:a1:08:00 SRC=192.168.x.xx DST=255.255.255.255 LEN=68 TOS=0x00 PREC=0x00 TTL=128 ID=13134 PROTO=UDP SPT=58878 DPT=1947 LEN=48
Aug 8 22:03:12 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:62:83:46:e6:0d:15:08:00 SRC=178.162.xxx.xxx DST=255.255.255.255 LEN=115 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=5678 DPT=5678 LEN=95
Aug 8 22:03:19 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:f6:f3:49:7e:0a:54:08:00 SRC=178.162.xxx.xx DST=255.255.255.255 LEN=131 TOS=0x00 PREC=0x00 TTL=128 ID=13070 PROTO=UDP SPT=17500 DPT=17500 LEN=111
Aug 8 22:03:19 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:f6:f3:49:7e:0a:54:08:00 SRC=178.162.xxx.xx DST=178.162.xxx.xxx LEN=131 TOS=0x00 PREC=0x00 TTL=128 ID=13071 PROTO=UDP SPT=17500 DPT=17500 LEN=111
Aug 8 22:03:39 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:ba:08:45:88:fc:a1:08:00 SRC=192.168.x.xx DST=255.255.255.255 LEN=68 TOS=0x00 PREC=0x00 TTL=128 ID=13136 PROTO=UDP SPT=58878 DPT=1947 LEN=48
Running iptables-save yields the following:
# Generated by iptables-save v1.4.7 on Fri Aug 8 16:42:05 2014
# mangle table: every built-in chain has policy ACCEPT and no rules are
# defined, so nothing in this table filters or alters packets.
*mangle
:PREROUTING ACCEPT [158298:41039552]
:INPUT ACCEPT [131187:38557000]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [79668:17293129]
:POSTROUTING ACCEPT [79637:17291305]
COMMIT
# Completed on Fri Aug 8 16:42:05 2014
# Generated by iptables-save v1.4.7 on Fri Aug 8 16:42:05 2014
# nat table: likewise policy ACCEPT on every chain and no rules, i.e. no
# address translation or port redirection is configured.
*nat
:PREROUTING ACCEPT [93313:9541674]
:POSTROUTING ACCEPT [896:63899]
:OUTPUT ACCEPT [896:63899]
COMMIT
# Completed on Fri Aug 8 16:42:05 2014
# Generated by iptables-save v1.4.7 on Fri Aug 8 16:42:05 2014
# filter table: all accept/drop decisions in this ruleset are made here.
*filter
# Default-deny: the three built-in chains have policy DROP. The [0:0] counters
# are consistent with INPUT and OUTPUT each ending in an unconditional jump to
# a chain that itself finishes with DROP (LOGDROPIN / LOGDROPOUT), so the
# policy is never reached for those two chains.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# User-defined chains ("-" means no policy; when no rule in such a chain
# terminates the packet, evaluation returns to the calling chain).
:ALLOWIN - [0:0]
:ALLOWOUT - [0:0]
:CONNLIMIT - [0:0]
:DENYIN - [0:0]
:DENYOUT - [0:0]
:INVALID - [0:0]
:INVDROP - [0:0]
:LOCALINPUT - [0:0]
:LOCALOUTPUT - [0:0]
:LOGDROPIN - [0:0]
:LOGDROPOUT - [0:0]
:PORTFLOOD - [0:0]
# --- INPUT chain: rules are evaluated top to bottom, first terminating match wins ---
# Resolver exceptions: traffic from 8.8.4.4 and 4.2.2.4 is accepted when
# either its destination port or its source port is 53 (TCP and UDP), before
# any other rule runs.
# NOTE(review): the --sport 53 rules match on source address and source port
# only, with no connection-state check. Replies to the server's own lookups
# would presumably already be covered by the RELATED,ESTABLISHED rule further
# down -- confirm whether these four rules are needed.
-A INPUT -s 8.8.4.4/32 ! -i lo -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -s 8.8.4.4/32 ! -i lo -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -s 8.8.4.4/32 ! -i lo -p tcp -m tcp --sport 53 -j ACCEPT
-A INPUT -s 8.8.4.4/32 ! -i lo -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -s 4.2.2.4/32 ! -i lo -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -s 4.2.2.4/32 ! -i lo -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -s 4.2.2.4/32 ! -i lo -p tcp -m tcp --sport 53 -j ACCEPT
-A INPUT -s 4.2.2.4/32 ! -i lo -p udp -m udp --sport 53 -j ACCEPT
# Per-address allow and deny lists (LOCALINPUT -> ALLOWIN, then DENYIN).
-A INPUT ! -i lo -j LOCALINPUT
# Loopback traffic is always accepted.
-A INPUT -i lo -j ACCEPT
# All non-loopback TCP is screened by the INVALID chain (invalid conntrack
# state and inconsistent TCP flag combinations are dropped there).
-A INPUT ! -i lo -p tcp -j INVALID
# tcp/22 throttling: every NEW connection is recorded per source address in
# the "22" recent list; a source with 2 or more hits inside 250 seconds is
# sent to PORTFLOOD (logged, then dropped).
-A INPUT ! -i lo -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name 22 --rsource
-A INPUT ! -i lo -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 250 --hitcount 2 --name 22 --rsource -j PORTFLOOD
# A SYN to tcp/22 from an address (/32) that already has more than 2
# connections goes to CONNLIMIT, which answers with a TCP reset.
-A INPUT ! -i lo -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 2 --connlimit-mask 32 -j CONNLIMIT
# Packets belonging to, or related to, an already tracked connection.
-A INPUT ! -i lo -m state --state RELATED,ESTABLISHED -j ACCEPT
# New inbound TCP connections are accepted only on these destination ports.
-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 20 -j ACCEPT
-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT
-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 587 -j ACCEPT
-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 995 -j ACCEPT
-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 2222 -j ACCEPT
-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 46734 -j ACCEPT
# New inbound UDP is accepted only on ports 20, 21 and 53.
# NOTE(review): 20/21 are the FTP ports and FTP runs over TCP; the UDP
# entries are presumably unnecessary -- confirm before removing.
-A INPUT ! -i lo -p udp -m state --state NEW -m udp --dport 20 -j ACCEPT
-A INPUT ! -i lo -p udp -m state --state NEW -m udp --dport 21 -j ACCEPT
-A INPUT ! -i lo -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
# ICMP: echo request (8) and echo reply (0) are rate-limited to 1/sec;
# time exceeded (11) and destination unreachable (3) are accepted unlimited.
-A INPUT ! -i lo -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT
-A INPUT ! -i lo -p icmp -m icmp --icmp-type 0 -m limit --limit 1/sec -j ACCEPT
-A INPUT ! -i lo -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A INPUT ! -i lo -p icmp -m icmp --icmp-type 3 -j ACCEPT
# Everything not accepted above is handed to LOGDROPIN. The UDP packets in the
# log excerpt (DPT=17500, 1947, 5678) match no ACCEPT rule in this chain, so
# this is the rule that catches them.
-A INPUT ! -i lo -j LOGDROPIN
# --- OUTPUT chain: mirrors the INPUT chain for traffic leaving the server ---
# Resolver exceptions: packets to 8.8.4.4 and 4.2.2.4 with destination or
# source port 53 (TCP and UDP) are accepted first.
-A OUTPUT -d 8.8.4.4/32 ! -o lo -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -d 8.8.4.4/32 ! -o lo -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -d 8.8.4.4/32 ! -o lo -p tcp -m tcp --sport 53 -j ACCEPT
-A OUTPUT -d 8.8.4.4/32 ! -o lo -p udp -m udp --sport 53 -j ACCEPT
-A OUTPUT -d 4.2.2.4/32 ! -o lo -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -d 4.2.2.4/32 ! -o lo -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -d 4.2.2.4/32 ! -o lo -p tcp -m tcp --sport 53 -j ACCEPT
-A OUTPUT -d 4.2.2.4/32 ! -o lo -p udp -m udp --sport 53 -j ACCEPT
# Per-address allow and deny lists (LOCALOUTPUT -> ALLOWOUT, then DENYOUT).
-A OUTPUT ! -o lo -j LOCALOUTPUT
# Outbound packets with destination or source port 53 are accepted to any
# address, which makes the per-resolver rules above redundant for OUTPUT.
-A OUTPUT ! -o lo -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT ! -o lo -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT ! -o lo -p tcp -m tcp --sport 53 -j ACCEPT
-A OUTPUT ! -o lo -p udp -m udp --sport 53 -j ACCEPT
# Loopback traffic is always accepted.
-A OUTPUT -o lo -j ACCEPT
# Outbound TCP is screened by the same INVALID chain used for INPUT.
-A OUTPUT ! -o lo -p tcp -j INVALID
# Packets belonging to, or related to, an already tracked connection.
-A OUTPUT ! -o lo -m state --state RELATED,ESTABLISHED -j ACCEPT
# New outbound TCP connections are accepted only to these destination ports.
-A OUTPUT ! -o lo -p tcp -m state --state NEW -m tcp --dport 20 -j ACCEPT
-A OUTPUT ! -o lo -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A OUTPUT ! -o lo -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A OUTPUT ! -o lo -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A OUTPUT ! -o lo -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
-A OUTPUT ! -o lo -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A OUTPUT ! -o lo -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT
-A OUTPUT ! -o lo -p tcp -m state --state NEW -m tcp --dport 113 -j ACCEPT
-A OUTPUT ! -o lo -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A OUTPUT ! -o lo -p tcp -m state --state NEW -m tcp --dport 2222 -j ACCEPT
-A OUTPUT ! -o lo -p tcp -m state --state NEW -m tcp --dport 46734 -j ACCEPT
# New outbound UDP is accepted only to ports 20, 21, 53, 113 and 123.
-A OUTPUT ! -o lo -p udp -m state --state NEW -m udp --dport 20 -j ACCEPT
-A OUTPUT ! -o lo -p udp -m state --state NEW -m udp --dport 21 -j ACCEPT
-A OUTPUT ! -o lo -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
-A OUTPUT ! -o lo -p udp -m state --state NEW -m udp --dport 113 -j ACCEPT
-A OUTPUT ! -o lo -p udp -m state --state NEW -m udp --dport 123 -j ACCEPT
# ICMP types 0, 8, 11 and 3 may leave the server; unlike INPUT there is no
# rate limit on these rules.
-A OUTPUT ! -o lo -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A OUTPUT ! -o lo -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT ! -o lo -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A OUTPUT ! -o lo -p icmp -m icmp --icmp-type 3 -j ACCEPT
# Everything else leaving the server is logged and dropped by LOGDROPOUT.
-A OUTPUT ! -o lo -j LOGDROPOUT
# Allow list: one address is accepted in both directions for every protocol
# and port. Because INPUT/OUTPUT jump to LOCALINPUT/LOCALOUTPUT before the
# INVALID and port rules, none of those checks apply to this address.
-A ALLOWIN -s 37.254.xxx.xxx/32 ! -i lo -j ACCEPT
-A ALLOWOUT -d 37.254.xxx.xxx/32 ! -o lo -j ACCEPT
# Target of the tcp/22 connection-limit rule: refuse with a TCP reset.
-A CONNLIMIT -p tcp -j REJECT --reject-with tcp-reset
# Deny list: inbound packets from the listed address are dropped without a
# log entry; outbound packets to it go through LOGDROPOUT and are logged.
-A DENYIN -s 97.77.xxx.xxx/32 ! -i lo -j DROP
-A DENYOUT -d 97.77.xxx.xxx/32 ! -o lo -j LOGDROPOUT
# INVALID chain: drops (via INVDROP) packets that conntrack marks INVALID and
# TCP packets with inconsistent flag combinations.
-A INVALID -m state --state INVALID -j INVDROP
# No flags set at all.
-A INVALID -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j INVDROP
# All six flags set at once.
-A INVALID -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j INVDROP
# Mutually exclusive pairs set together: FIN+SYN, SYN+RST, FIN+RST.
-A INVALID -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j INVDROP
-A INVALID -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j INVDROP
-A INVALID -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -j INVDROP
# FIN, PSH or URG set without ACK.
-A INVALID -p tcp -m tcp --tcp-flags FIN,ACK FIN -j INVDROP
-A INVALID -p tcp -m tcp --tcp-flags PSH,ACK PSH -j INVDROP
-A INVALID -p tcp -m tcp --tcp-flags ACK,URG URG -j INVDROP
# A packet in state NEW that is not a plain SYN.
-A INVALID -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j INVDROP
# INVDROP drops without logging.
-A INVDROP -j DROP
# The allow list is consulted before the deny list in both directions, so an
# address present in both would be accepted.
-A LOCALINPUT ! -i lo -j ALLOWIN
-A LOCALINPUT ! -i lo -j DENYIN
-A LOCALOUTPUT ! -o lo -j ALLOWOUT
-A LOCALOUTPUT ! -o lo -j DENYOUT
# --- LOGDROPIN: final stop for inbound packets that no INPUT rule accepted ---
# Silent drops: packets to ports 67, 68, 111, 113, 135-139, 445, 500, 513 and
# 520 (TCP and UDP) are dropped here before the LOG rules, so they never
# produce a log line.
# NOTE(review): in CSF this list presumably comes from the DROP_NOLOG setting
# in csf.conf -- confirm. The logged packets in the excerpt use DPT=17500,
# 1947 and 5678, which are not in this list; adding noisy ports to it would
# drop them the same way but without a log entry.
-A LOGDROPIN -p tcp -m tcp --dport 67 -j DROP
-A LOGDROPIN -p udp -m udp --dport 67 -j DROP
-A LOGDROPIN -p tcp -m tcp --dport 68 -j DROP
-A LOGDROPIN -p udp -m udp --dport 68 -j DROP
-A LOGDROPIN -p tcp -m tcp --dport 111 -j DROP
-A LOGDROPIN -p udp -m udp --dport 111 -j DROP
-A LOGDROPIN -p tcp -m tcp --dport 113 -j DROP
-A LOGDROPIN -p udp -m udp --dport 113 -j DROP
-A LOGDROPIN -p tcp -m tcp --dport 135:139 -j DROP
-A LOGDROPIN -p udp -m udp --dport 135:139 -j DROP
-A LOGDROPIN -p tcp -m tcp --dport 445 -j DROP
-A LOGDROPIN -p udp -m udp --dport 445 -j DROP
-A LOGDROPIN -p tcp -m tcp --dport 500 -j DROP
-A LOGDROPIN -p udp -m udp --dport 500 -j DROP
-A LOGDROPIN -p tcp -m tcp --dport 513 -j DROP
-A LOGDROPIN -p udp -m udp --dport 513 -j DROP
-A LOGDROPIN -p tcp -m tcp --dport 520 -j DROP
-A LOGDROPIN -p udp -m udp --dport 520 -j DROP
# Logging: LOG does not terminate the packet, it only writes a kernel log line
# with the given prefix. The UDP rule is the source of the
# "Firewall: *UDP_IN Blocked*" messages. These are records of packets the
# firewall dropped, not errors; the logged packets all carry the Ethernet
# broadcast destination (MAC= begins ff:ff:ff:ff:ff:ff), i.e. broadcast
# chatter from other hosts on the segment (17500, 1947 and 5678 are commonly
# used by LAN discovery services -- confirm against the hosts involved).
# Each LOG rule is limited to 30 lines per minute, so under load the log
# undercounts what was actually dropped.
-A LOGDROPIN -p tcp -m limit --limit 30/min -j LOG --log-prefix "Firewall: *TCP_IN Blocked* "
-A LOGDROPIN -p udp -m limit --limit 30/min -j LOG --log-prefix "Firewall: *UDP_IN Blocked* "
-A LOGDROPIN -p icmp -m limit --limit 30/min -j LOG --log-prefix "Firewall: *ICMP_IN Blocked* "
# Whether logged or not, the packet is dropped.
-A LOGDROPIN -j DROP
# --- LOGDROPOUT: final stop for outbound packets that no OUTPUT rule accepted ---
# For TCP only connection attempts (plain SYN) are logged; UDP and ICMP are
# logged per packet. All three are limited to 30 lines per minute, and
# --log-uid adds the UID of the local process that generated the packet,
# which helps trace which account is attempting blocked outbound traffic.
-A LOGDROPOUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 30/min -j LOG --log-prefix "Firewall: *TCP_OUT Blocked* " --log-uid
-A LOGDROPOUT -p udp -m limit --limit 30/min -j LOG --log-prefix "Firewall: *UDP_OUT Blocked* " --log-uid
-A LOGDROPOUT -p icmp -m limit --limit 30/min -j LOG --log-prefix "Firewall: *ICMP_OUT Blocked* " --log-uid
-A LOGDROPOUT -j DROP
# PORTFLOOD: target of the tcp/22 "recent" rule in INPUT; rate-limited log
# line, then drop.
-A PORTFLOOD -m limit --limit 30/min -j LOG --log-prefix "Firewall: *Port Flood* "
-A PORTFLOOD -j DROP
COMMIT
# Completed on Fri Aug 8 16:42:05 2014
Since I used CSF to configure my firewall, I will attach only the configuration lines I have touched.
TESTING = "0"
TESTING_INTERVAL = "5"
RESTRICT_SYSLOG = "3"
RESTRICT_SYSLOG_GROUP = "mysyslog"
RESTRICT_UI = "1"
AUTO_UPDATES = "1"
# IPv4 port lists. Each entry shows up as a "--state NEW ... --dport N -j
# ACCEPT" rule in the INPUT (…_IN) or OUTPUT (…_OUT) chain of the
# iptables-save output shown with this configuration.
TCP_IN = "20,21,22,25,53,80,110,443,587,995,2222,46734"
TCP_OUT = "20,21,22,25,53,80,110,113,443,2222,46734"
# The logged packets use UDP destination ports 17500, 1947 and 5678, none of
# which is listed here, so they are dropped and logged as "UDP_IN Blocked".
# That is the firewall working as configured; opening these ports is not
# needed to stop the messages.
# NOTE(review): 20/21 are the FTP ports and FTP runs over TCP; these UDP
# entries are presumably unnecessary -- confirm before removing.
UDP_IN = "20,21,53"
UDP_OUT = "20,21,53,113,123"
ICMP_IN = "1"
ICMP_IN_RATE = "1/s"
ICMP_OUT = "1"
ICMP_OUT_RATE = "0"
# NOTE(review): IPv6 is switched on here, but only the IPv4 ruleset
# (iptables-save) is shown; the IPv6 rules would have to be checked
# separately (ip6tables-save).
IPV6 = "1"
IPV6_ICMP_STRICT = "0"
IPV6_SPI = "1"
# NOTE(review): the IPv6 TCP lists omit 46734, which the IPv4 lists include
# -- presumably intentional; confirm.
TCP6_IN = "20,21,22,25,53,80,110,443,587,995,2222"
TCP6_OUT = "20,21,22,25,53,80,110,113,443,2222"
UDP6_IN = "20,21,53"
UDP6_OUT = "20,21,53,113,123"
ETH_DEVICE = ""
ETH6_DEVICE = ""
ETH_DEVICE_SKIP = ""
USE_CONNTRACK = "0"
SYSLOG_CHECK = "600"
IGNORE_ALLOW = "0"
DNS_STRICT = "0"
DNS_STRICT_NS = "0"
DENY_IP_LIMIT = "200"
DENY_TEMP_IP_LIMIT = "100"
LF_DAEMON = "1"
LF_CSF = "1"