Re: [Astlinux-devel] Firewall states

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi David,

The data under "Firewall States:" originates from /proc/net/nf_conntrack

The TTL is the Time-To-Live of the conntrack state.

I have found the current format quite useful over the years.

BTW, the Prefs tab has a couple of filters:

_x_ Show Firewall States
	Hide SRC Ports:
	Hide DST Ports:

Any defined Source (SRC) or Destination (DST) ports
will not be displayed.  Multiple ports are separated with a space character.

Lonnie

> On Aug 8, 2020, at 1:51 PM, David Kerr <da...@ke...> wrote:
> 
> I've been paying more attention to the firewall states on the status page to try and track down heavy internet users (though thankfully Comcast is back now -- but power is not).
> 
> A lot of the information reported is not very useful.  For example, a lot of bonjour traffic over port 5353 to 224.0.0.251 / ff02::fb currently occupying 6 of the top 11 entries.  And then there is lots of traffic within my internal networks.
> 
> Also, what is the TTL column, is it something to do when last traffic was seen?  Started?  Can we age off old data... about 2/3rd of my entries are showing 7199:xx in the TTL column and I am not sure how to interpret that.
> 
> All I really care about is recent traffic leaving and arriving across the external interface(s).  Other than manually filtering, is there a way we could make the status page's firewall states more helpful?
> 
> Thanks,
> David
> _______________________________________________
> Astlinux-devel mailing list
> Ast...@li...
> https://lists.sourceforge.net/lists/listinfo/astlinux-devel