Hello,

When we run

Code:
journalctl --no-pager | grep "TCP_IN Blocked"

we get the "attacks" on the server.

Then I find a particular IP many, many times:

Code:
[[email protected] ~]# journalctl --no-pager | grep "TCP_IN Blocked" | grep '78.46.90.135'
Jun 18 23:55:02 pepsi.coke.com kernel: Firewall: *TCP_IN Blocked* IN=enp2s0 OUT= MAC=MyMAC:0c:86:10:ed:35:02:08:00 SRC=78.46.90.135 DST=Mi.Ip.Public.Dedicated LEN=60 TOS=0x00 PREC=0x00 TTL=61 ID=23953 DF PROTO=TCP SPT=51290 DPT=4949 WINDOW=29200 RES=0x00 SYN URGP=0
Jun 18 23:55:03 pepsi.coke.com kernel: Firewall: *TCP_IN Blocked* IN=enp2s0 OUT= MAC=MyMAC:0c:86:10:ed:35:02:08:00 SRC=78.46.90.135 DST=Mi.Ip.Public.Dedicated LEN=60 TOS=0x00 PREC=0x00 TTL=61 ID=23954 DF PROTO=TCP SPT=51290 DPT=4949 WINDOW=29200 RES=0x00 SYN URGP=0
Jun 18 23:55:05 pepsi.coke.com kernel: Firewall: *TCP_IN Blocked* IN=enp2s0 OUT= MAC=MyMAC:0c:86:10:ed:35:02:08:00 SRC=78.46.90.135 DST=Mi.Ip.Public.Dedicated LEN=60 TOS=0x00 PREC=0x00 TTL=61 ID=23955 DF PROTO=TCP SPT=51290 DPT=4949 WINDOW=29200 RES=0x00 SYN URGP=0
Jun 18 23:55:09 pepsi.coke.com kernel: Firewall: *TCP_IN Blocked* IN=enp2s0 OUT= MAC=MyMAC:0c:86:10:ed:35:02:08:00 SRC=78.46.90.135 DST=Mi.Ip.Public.Dedicated LEN=60 TOS=0x00 PREC=0x00 TTL=61 ID=23956 DF PROTO=TCP SPT=51290 DPT=4949 WINDOW=29200 RES=0x00 SYN URGP=0
Jun 18 23:55:17 pepsi.coke.com kernel: Firewall: *TCP_IN Blocked* IN=enp2s0 OUT= MAC=MyMAC:0c:86:10:ed:35:02:08:00 SRC=78.46.90.135 DST=Mi.Ip.Public.Dedicated LEN=60 TOS=0x00 PREC=0x00 TTL=61 ID=23957 DF PROTO=TCP SPT=51290 DPT=4949 WINDOW=29200 RES=0x00 SYN URGP=0
Jun 18 23:55:33 pepsi.coke.com kernel: Firewall: *TCP_IN Blocked* IN=enp2s0 OUT= MAC=MyMAC:0c:86:10:ed:35:02:08:00 SRC=78.46.90.135 DST=Mi.Ip.Public.Dedicated LEN=60 TOS=0x00 PREC=0x00 TTL=61 ID=23958 DF PROTO=TCP SPT=51290 DPT=4949 WINDOW=29200 RES=0x00 SYN URGP=0
Jun 18 23:56:05 pepsi.coke.com kernel: Firewall: *TCP_IN Blocked* IN=enp2s0 OUT= MAC=MyMAC:0c:86:10:ed:35:02:08:00 SRC=78.46.90.135 DST=Mi.Ip.Public.Dedicated LEN=60 TOS=0x00 PREC=0x00 TTL=61 ID=23959 DF PROTO=TCP SPT=51290 DPT=4949 WINDOW=29200 RES=0x00 SYN URGP=0
Jun 19 00:00:02 pepsi kernel: Firewall: *TCP_IN Blocked* IN=enp2s0 OUT= MAC=MyMAC:0c:86:10:ed:35:02:08:00 SRC=78.46.90.135 DST=Mi.Ip.Public.Dedicated LEN=60 TOS=0x00 PREC=0x00 TTL=61 ID=1343 DF PROTO=TCP SPT=51506 DPT=4949 WINDOW=29200 RES=0x00 SYN URGP=0
Jun 19 00:00:03 pepsi kernel: Firewall: *TCP_IN Blocked* IN=enp2s0 OUT= MAC=MyMAC:0c:86:10:ed:35:02:08:00 SRC=78.46.90.135 DST=Mi.Ip.Public.Dedicated LEN=60 TOS=0x00 PREC=0x00 TTL=61 ID=1344 DF PROTO=TCP SPT=51506 DPT=4949 WINDOW=29200 RES=0x00 SYN URGP=0
Jun 19 00:00:05 pepsi kernel: Firewall: *TCP_IN Blocked* IN=enp2s0 OUT= MAC=MyMAC:0c:86:10:ed:35:02:08:00 SRC=78.46.90.135 DST=Mi.Ip.Public.Dedicated LEN=60 TOS=0x00 PREC=0x00 TTL=61 ID=1345 DF PROTO=TCP SPT=51506 DPT=4949 WINDOW=29200 RES=0x00 SYN URGP=0
Jun 19 00:00:09 pepsi kernel: Firewall: *TCP_IN Blocked* IN=enp2s0 OUT= MAC=MyMAC:0c:86:10:ed:35:02:08:00 SRC=78.46.90.135 DST=Mi.Ip.Public.Dedicated LEN=60 TOS=0x00 PREC=0x00 TTL=61 ID=1346 DF PROTO=TCP SPT=51506 DPT=4949 WINDOW=29200 RES=0x00 SYN URGP=0
Jun 19 00:00:17 pepsi kernel: Firewall: *TCP_IN Blocked* IN=enp2s0 OUT= MAC=MyMAC:0c:86:10:ed:35:02:08:00 SRC=78.46.90.135 DST=Mi.Ip.Public.Dedicated LEN=60 TOS=0x00 PREC=0x00 TTL=61 ID=1347 DF PROTO=TCP SPT=51506 DPT=4949 WINDOW=29200 RES=0x00 SYN URGP=0
Jun 19 00:00:33 pepsi kernel: Firewall: *TCP_IN Blocked* IN=enp2s0 OUT= MAC=MyMAC:0c:86:10:ed:35:02:08:00 SRC=78.46.90.135 DST=Mi.Ip.Public.Dedicated LEN=60 TOS=0x00 PREC=0x00 TTL=61 ID=1348 DF PROTO=TCP SPT=51506 DPT=4949 WINDOW=29200 RES=0x00 SYN URGP=0
thousands more ...

How can I know what rule in IPTABLES causes the BLOCK, or why this IP is blocked?

Also, why does

Code:
journalctl -n 20 --no-pager | grep "TCP_IN Blocked" | grep '78.46.90.135'

show 7 records and not 20?
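In a netfilter LOG line, everything between "kernel:" and "IN=" is the --log-prefix of the LOG rule that matched, so that prefix ("Firewall: *TCP_IN Blocked*" in every line above) is what ties a log entry to a rule. The parser below is an added example, not code from the post: it splits these lines into fields and counts blocked packets per prefix, source address, protocol and destination port over constructed sample lines (the 78.46.90.135 address is from the post; the other addresses and the MAC are constructed placeholders).

```python
import re
from collections import Counter

# Constructed sample lines mirroring the journalctl output quoted in the post.
# 78.46.90.135 is the address from the post; 198.51.100.9, 198.51.100.20 and
# 203.0.113.7 are documentation-range placeholders, not real observations.
SAMPLE_LOG = """\
Jun 18 23:55:02 pepsi kernel: Firewall: *TCP_IN Blocked* IN=enp2s0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=78.46.90.135 DST=203.0.113.7 LEN=60 TOS=0x00 PREC=0x00 TTL=61 ID=23953 DF PROTO=TCP SPT=51290 DPT=4949 WINDOW=29200 RES=0x00 SYN URGP=0
Jun 18 23:55:03 pepsi kernel: Firewall: *TCP_IN Blocked* IN=enp2s0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=78.46.90.135 DST=203.0.113.7 LEN=60 TOS=0x00 PREC=0x00 TTL=61 ID=23954 DF PROTO=TCP SPT=51290 DPT=4949 WINDOW=29200 RES=0x00 SYN URGP=0
Jun 18 23:55:10 pepsi kernel: Firewall: *TCP_IN Blocked* IN=enp2s0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.9 DST=203.0.113.7 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=777 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Jun 18 23:55:11 pepsi kernel: Firewall: *UDP_IN Blocked* IN=enp2s0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.9 DST=203.0.113.7 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=778 DF PROTO=UDP SPT=40001 DPT=161 LEN=28
Jun 18 23:55:12 pepsi sshd[1234]: Accepted publickey for admin from 198.51.100.20 port 50000 ssh2
"""

# The LOG target prints its --log-prefix followed by IN=...; everything before
# IN= is the prefix and therefore identifies which LOG rule matched.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: "
    r"(?P<prefix>.*?) ?IN=(?P<rest>.*)$"
)

def parse_firewall_line(line):
    """Return a dict of fields for a netfilter LOG line, or None for other lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = {"ts": m["ts"], "host": m["host"], "prefix": m["prefix"].strip(), "flags": []}
    for token in ("IN=" + m["rest"]).split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value          # KEY=VALUE pairs such as SRC=, DPT=
        else:
            fields["flags"].append(token)  # bare tokens such as DF, SYN
    return fields

def summarize_blocks(log_text):
    """Count blocked packets per (log prefix, SRC, PROTO, DPT)."""
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_firewall_line(line)
        if f and "Blocked" in f["prefix"]:
            counts[(f["prefix"], f["SRC"], f["PROTO"], f["DPT"])] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize_blocks(SAMPLE_LOG).most_common():
        print(n, *key)
```

On the real host the same functions can be fed the output of `journalctl -k --no-pager`. Note that `journalctl -n 20 | grep ...` hands grep only the last 20 journal lines of every kind, which is why fewer than 20 matching records come back.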