UDPFLOOD_ALLOWUSER not being ignored

Post Reply
keenmouse
Junior Member
Posts: 2
Joined: 28 Oct 2021, 16:33

UDPFLOOD_ALLOWUSER not being ignored

Post by keenmouse »

I have six clustered CSF 14.15 servers, all with UDPFLOOD_ALLOWUSER = "bind" set, but I am receiving "UID xxx (bind) Tracking Hit" reports from all servers. This seemed to start happening after I enabled IPv6.

Anyone else seeing the same thing?
keenmouse
Junior Member
Posts: 2
Joined: 28 Oct 2021, 16:33

Re: UDPFLOOD_ALLOWUSER not being ignored

Post by keenmouse »

Update: this is happening even with UDPFLOOD = "0"!
ForumAdmin
Moderator
Posts: 1523
Joined: 01 Oct 2008, 09:24

Re: UDPFLOOD_ALLOWUSER not being ignored

Post by ForumAdmin »

You need to post the log lines from /var/log/messages or wherever the kernel log lines for the firewall are logged that are being detected by LFD. A sample of which will be provided in the emails from lfd regarding any report. You're also confusing UDP_FLOOD and UID Tracking which are different options.
keenmouse
Junior Member
Posts: 2
Joined: 28 Oct 2021, 16:33

Re: UDPFLOOD_ALLOWUSER not being ignored

Post by keenmouse »

Thanks for your clarification and sorry for my misunderstanding. So all I should need to do is add the UID for bind to csf.uidignore on each server?

Any idea why this has just started happening since installing 14.15, and why it would be catching UPD6 but not UDP4?

Will post log lines if it still proves necessary after this.
Post Reply