Page 1 of 1
UDPFLOOD_ALLOWUSER not being ignored
Posted: 09 Dec 2021, 17:41
by keenmouse
I have six clustered CSF 14.15 servers, all with UDPFLOOD_ALLOWUSER = "bind" set, but I am receiving "UID xxx (bind) Tracking Hit" reports from all servers. This seemed to start happening after I enabled IPv6.
Anyone else seeing the same thing?
Re: UDPFLOOD_ALLOWUSER not being ignored
Posted: 09 Dec 2021, 19:06
by keenmouse
Update: this is happening even with UDPFLOOD = "0"!
Re: UDPFLOOD_ALLOWUSER not being ignored
Posted: 10 Dec 2021, 10:21
by ForumAdmin
You need to post the log lines from /var/log/messages or wherever the kernel log lines for the firewall are logged that are being detected by LFD. A sample of which will be provided in the emails from lfd regarding any report. You're also confusing UDP_FLOOD and UID Tracking which are different options.
Re: UDPFLOOD_ALLOWUSER not being ignored
Posted: 10 Dec 2021, 17:27
by keenmouse
Thanks for your clarification and sorry for my misunderstanding. So all I should need to do is add the UID for bind to csf.uidignore on each server?
Any idea why this has just started happening since installing 14.15, and why it would be catching UPD6 but not UDP4?
Will post log lines if it still proves necessary after this.