need some help with apf-firewall logs

Discussion in 'Server Operation' started by Ovidiu, Mar 23, 2012.

  1. Ovidiu

    Ovidiu Active Member

    I have got a couple of logs I can't "read" - can someone explain what the different fields mean?

    i.e. I figured out some of them, i.e. DPT=destination port target, STP=source target port


    Code:
    Mar 23 08:42:33 h1870666 kernel: [161677.396086] ** SDROP ** IN= OUT=eth0 SRC=85.214.229.212 DST=31.184.242.127 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=39297 DF PROTO=TCP SPT=50979 DPT=80 WINDOW=5840 RES=0x00 CWR ECE SYN URGP=0
    Code:
    Mar 23 06:48:59 h1870666 kernel: [154862.760090] ** SDROP ** IN= OUT=eth0 SRC=85.214.229.212 DST=31.184.242.127 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=30135 DF PROTO=TCP SPT=48250 DPT=80 WINDOW=5840 RES=0x00 CWR ECE SYN URGP=0
    Why is an outgoing connection from my own IP (85.214.229.212) being blocked? I am sure if I knew how to read that log line that would become clear to me.
    Besides, why would my server connect to that remote IP?

    I can post a summary of my apf config if it's needed to answer this question.

    P.S. I have not set up filtering of outgoing connections in apf so the above log lines must not be based upon the static filtering but some reactive mechanism of apf.
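
An added example, not part of the original post: a small Python parser for the kernel netfilter LOG lines quoted above. It splits the KEY=value fields, collects the bare flag tokens (DF, SYN, ...) and derives the packet direction from IN=/OUT=. The function names are made up for this example; the sample is the first log line from the post.

```python
import re

TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}
IP_FLAGS = {"CE", "DF", "MF"}
# "kernel: [uptime] <log prefix> IN=..."; the uptime stamp is optional.
LINE_RE = re.compile(r"kernel: (?:\[\s*[\d.]+\]\s*)?(?P<prefix>.*?)\s*IN=(?P<rest>.*)$")

# First log line from the post, on one line.
SAMPLE = ("Mar 23 08:42:33 h1870666 kernel: [161677.396086] ** SDROP ** IN= OUT=eth0 "
          "SRC=85.214.229.212 DST=31.184.242.127 LEN=48 TOS=0x00 PREC=0x00 TTL=64 "
          "ID=39297 DF PROTO=TCP SPT=50979 DPT=80 WINDOW=5840 RES=0x00 CWR ECE SYN URGP=0")

def parse_netfilter_log(line):
    """Return a dict of fields for one netfilter LOG line, or None if it is not one."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = {"prefix": m.group("prefix").strip("* "), "tcp_flags": [], "ip_flags": []}
    for tok in ("IN=" + m.group("rest")).split():
        if "=" in tok:                      # KEY=value (value may be empty, e.g. IN=)
            key, _, val = tok.partition("=")
            rec[key] = val
        elif tok in TCP_FLAGS:              # bare tokens after RES= are TCP flags
            rec["tcp_flags"].append(tok)
        elif tok in IP_FLAGS:               # bare tokens after ID= are IP header flags
            rec["ip_flags"].append(tok)
    has_in, has_out = bool(rec.get("IN")), bool(rec.get("OUT"))
    if has_out and not has_in:
        rec["direction"] = "outbound (locally generated)"   # no ingress interface
    elif has_in and not has_out:
        rec["direction"] = "inbound (to this host)"
    elif has_in and has_out:
        rec["direction"] = "forwarded"
    else:
        rec["direction"] = "unknown"
    return rec

def summarize(rec):
    """One-line summary: rule prefix, direction, protocol, endpoints, TCP flags."""
    flags = ",".join(rec["tcp_flags"]) or "-"
    return (f'{rec["prefix"]} {rec["direction"]} {rec.get("PROTO", "?")} '
            f'{rec.get("SRC")}:{rec.get("SPT")} -> {rec.get("DST")}:{rec.get("DPT")} flags={flags}')

if __name__ == "__main__":
    print(summarize(parse_netfilter_log(SAMPLE)))
```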
     
