On Tue, 2009-03-24 at 12:35 -0700, Liam Kirsher wrote:
Hi --

I'm noticing lots of these in the /var/log/messages file:

Mar 24 15:16:07 domU-12-31-39-00-09-F2 syslog-ng[25138]: warning: /etc/hosts.allow, line 17: host name/name mismatch: ec2-67-202-53-122.compute-1.amazonaws.com != domU-12-31-35-00-04-A1.z-2.compute-1.internal
Mar 24 15:16:07 domU-12-31-39-00-09-F2 syslog-ng[25138]: Syslog connection rejected by tcpd; from='AF_INET(67.202.53.122:48703)'
Mar 24 15:16:17 domU-12-31-39-00-09-F2 syslog-ng[25138]: Syslog connection accepted; fd='22', client='AF_INET(67.202.53.122:48187)', local='AF_INET(0.0.0.0:5000)'

Apparently, access is being denied, as it should be. It's just a little disconcerting to see the "connection accepted" message after it has been rejected.

telnet this.domain.com 5000
Trying 171.122.232.186...
Connected to this.domain.com.
Escape character is '^]'.
Connection closed by foreign host.

Is this the expected behavior? Is there some way to prevent all these messages from showing up in the log file?
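As an added illustration (not part of the thread, and not syslog-ng's own code): a small Python parser over sample lines constructed to match the ones quoted above. It ties each tcpd rejection to the hosts.allow mismatch warning that preceded it and records the source port of every rejected and accepted connection per client, so an admin reading /var/log/messages can tell whether an "accepted" line is the same TCP connection as a rejection or a later, separate one. The regular expressions and the sample log are my assumptions, written against the quoted message text.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the lines quoted in the report above
# (the hostnames, addresses and ports come from the quoted output).
SAMPLE_LOG = """\
Mar 24 15:16:07 domU-12-31-39-00-09-F2 syslog-ng[25138]: warning: /etc/hosts.allow, line 17: host name/name mismatch: ec2-67-202-53-122.compute-1.amazonaws.com != domU-12-31-35-00-04-A1.z-2.compute-1.internal
Mar 24 15:16:07 domU-12-31-39-00-09-F2 syslog-ng[25138]: Syslog connection rejected by tcpd; from='AF_INET(67.202.53.122:48703)'
Mar 24 15:16:17 domU-12-31-39-00-09-F2 syslog-ng[25138]: Syslog connection accepted; fd='22', client='AF_INET(67.202.53.122:48187)', local='AF_INET(0.0.0.0:5000)'
"""

# Patterns are my assumptions, written against the message text quoted above.
MISMATCH_RE = re.compile(r"warning: (?P<file>\S+), line (?P<line>\d+): "
                         r"host name/name mismatch: (?P<fwd>\S+) != (?P<rev>\S+)")
REJECT_RE = re.compile(r"connection rejected by tcpd; from='AF_INET\((?P<ip>[\d.]+):(?P<port>\d+)\)'")
ACCEPT_RE = re.compile(r"connection accepted; fd='\d+', client='AF_INET\((?P<ip>[\d.]+):(?P<port>\d+)\)'")

def parse_event(line):
    """Classify one log line as a mismatch warning, a tcpd rejection or an
    accepted connection; return (kind, fields) or None for unrelated lines."""
    for kind, rx in (("mismatch", MISMATCH_RE), ("rejected", REJECT_RE), ("accepted", ACCEPT_RE)):
        m = rx.search(line)
        if m:
            return kind, m.groupdict()
    return None

def summarize(text):
    """Per client IP: the source ports of rejected and accepted connections and
    the hosts.allow mismatch that immediately preceded each rejection.  Comparing
    the port lists shows whether an 'accepted' line is the same TCP connection
    as a rejection or a later, separate one."""
    clients = defaultdict(lambda: {"rejected": [], "accepted": [], "mismatches": []})
    pending = None  # most recent mismatch warning not yet tied to a rejection
    for line in text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        kind, f = ev
        if kind == "mismatch":
            pending = (f["file"], int(f["line"]), f["fwd"], f["rev"])
        elif kind == "rejected":
            clients[f["ip"]]["rejected"].append(int(f["port"]))
            if pending is not None:
                clients[f["ip"]]["mismatches"].append(pending)
                pending = None
        else:
            clients[f["ip"]]["accepted"].append(int(f["port"]))
    return dict(clients)
```

Running summarize(SAMPLE_LOG) on the quoted lines shows one rejection (port 48703) and one accepted connection (port 48187) from the same client, i.e. two different TCP connections rather than one connection logged twice.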
Thanks for reporting this. This patch fixes this behaviour (committed to current HEAD). Tomorrow's nightly snapshot should contain it, or you can clone the repository.

commit 6fbea222dd8b8531db12c14d23120cfcc3150f5d
Author: Balazs Scheidler <bazsi@balabit.hu>
Date:   Wed Mar 25 11:27:28 2009 +0100

    [afsocket] clarified logging about rejected connections

    Liam reported that the error messages generated when tcp wrapper
    rejected the connections can easily be misunderstood. This behaviour
    was fixed.

    Also, when connections are rejected, the closure of the file
    descriptor was refactored to a single spot instead of closing it in
    all failure branches.

    Reported-By: Liam Kirsher

--
Bazsi