
In my home network, I started to log this rule:
iptables -t mangle -I PREROUTING -m conntrack --ctstate INVALID -j DROP
Some sample:
https://pastebin.com/W0a9B9L7
Tue Sep 11 11:46:56 2018 kern.warn kernel: [26450.270000] CTInvalid: IN=br-lan OUT= MAC=rr:rr:rr:rr:rr:rr:aa:aa:aa:aa:aa:aa:08:00 SRC=10.0.0.7 DST=172.217.29.138 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=8018 DF PROTO=TCP SPT=42604 DPT=443 WINDOW=1550 RES=0x00 ACK FIN URGP=0
Tue Sep 11 11:47:57 2018 kern.warn kernel: [26511.760000] CTInvalid: IN=br-lan OUT= MAC=rr:rr:rr:rr:rr:rr:aa:aa:aa:aa:aa:aa:08:00 SRC=10.0.0.7 DST=172.217.29.106 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=46026 DF PROTO=TCP SPT=47570 DPT=443 WINDOW=409 RES=0x00 ACK FIN URGP=0
Tue Sep 11 11:47:58 2018 kern.warn kernel: [26512.140000] CTInvalid: IN=br-lan OUT= MAC=rr:rr:rr:rr:rr:rr:aa:aa:aa:aa:aa:aa:08:00 SRC=10.0.0.7 DST=172.217.29.106 LEN=75 TOS=0x00 PREC=0x00 TTL=64 ID=46027 DF PROTO=TCP SPT=47570 DPT=443 WINDOW=409 RES=0x00 ACK PSH FIN URGP=0
Tue Sep 11 11:48:03 2018 kern.warn kernel: [26516.930000] CTInvalid: IN=br-lan OUT= MAC=rr:rr:rr:rr:rr:rr:aa:aa:aa:aa:aa:aa:08:00 SRC=10.0.0.7 DST=172.217.29.106 LEN=75 TOS=0x00 PREC=0x00 TTL=64 ID=46028 DF PROTO=TCP SPT=47570 DPT=443 WINDOW=409 RES=0x00 ACK PSH FIN URGP=0
Tue Sep 11 11:48:12 2018 kern.warn kernel: [26526.800000] CTInvalid: IN=br-lan OUT= MAC=rr:rr:rr:rr:rr:rr:tt:tt:tt:tt:tt:tt:08:00 SRC=10.0.0.4 DST=157.240.12.32 LEN=89 TOS=0x00 PREC=0x00 TTL=64 ID=9302 DF PROTO=TCP SPT=50437 DPT=443 WINDOW=262 RES=0x00 ACK PSH FIN URGP=0
Tue Sep 11 14:52:16 2018 kern.warn kernel: [37570.050000] CTInvalid: IN=br-lan OUT= MAC=rr:rr:rr:rr:rr:rr:dd:dd:dd:dd:dd:dd:08:00 SRC=10.0.0.2 DST=162.125.33.7 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=26662 DF PROTO=TCP SPT=1634 DPT=443 WINDOW=0 RES=0x00 ACK RST URGP=0
Tue Sep 11 14:52:39 2018 kern.warn kernel: [37593.000000] CTInvalid: IN=br-lan OUT= MAC=rr:rr:rr:rr:rr:rr:dd:dd:dd:dd:dd:dd:08:00 SRC=10.0.0.2 DST=162.125.5.3 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=26780 DF PROTO=TCP SPT=1782 DPT=443 WINDOW=0 RES=0x00 ACK RST URGP=0
Tue Sep 11 14:52:39 2018 kern.warn kernel: [37593.020000] CTInvalid: IN=br-lan OUT= MAC=rr:rr:rr:rr:rr:rr:dd:dd:dd:dd:dd:dd:08:00 SRC=10.0.0.2 DST=162.125.5.3 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=26781 DF PROTO=TCP SPT=1780 DPT=443 WINDOW=0 RES=0x00 ACK RST URGP=0
aa:aa:aa:aa:aa:aa - Android cell phone MAC
tt:tt:tt:tt:tt:tt - tablet MAC
dd:dd:dd:dd:dd:dd - Windows 7 desktop MAC
:08:00 - WTF?!
Do I need help, or should I leave it alone?

Many thanks!
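
Added example, not part of the original post: a small parser for the `CTInvalid:` log lines above. It splits the `MAC=` field into its three parts (the netfilter LOG target prints the raw Ethernet header: 6 bytes destination MAC, 6 bytes source MAC, 2 bytes EtherType, where `08:00` is IPv4) and tallies the hits per source IP and TCP flag set. The function names are hypothetical, and the sample lines are copied from the post with its placeholder MACs.

```python
import re
from collections import Counter

# Sample lines copied from the post (placeholder MACs kept as posted).
SAMPLE = """\
Tue Sep 11 11:46:56 2018 kern.warn kernel: [26450.270000] CTInvalid: IN=br-lan OUT= MAC=rr:rr:rr:rr:rr:rr:aa:aa:aa:aa:aa:aa:08:00 SRC=10.0.0.7 DST=172.217.29.138 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=8018 DF PROTO=TCP SPT=42604 DPT=443 WINDOW=1550 RES=0x00 ACK FIN URGP=0
Tue Sep 11 11:47:58 2018 kern.warn kernel: [26512.140000] CTInvalid: IN=br-lan OUT= MAC=rr:rr:rr:rr:rr:rr:aa:aa:aa:aa:aa:aa:08:00 SRC=10.0.0.7 DST=172.217.29.106 LEN=75 TOS=0x00 PREC=0x00 TTL=64 ID=46027 DF PROTO=TCP SPT=47570 DPT=443 WINDOW=409 RES=0x00 ACK PSH FIN URGP=0
Tue Sep 11 14:52:16 2018 kern.warn kernel: [37570.050000] CTInvalid: IN=br-lan OUT= MAC=rr:rr:rr:rr:rr:rr:dd:dd:dd:dd:dd:dd:08:00 SRC=10.0.0.2 DST=162.125.33.7 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=26662 DF PROTO=TCP SPT=1634 DPT=443 WINDOW=0 RES=0x00 ACK RST URGP=0
Tue Sep 11 14:52:39 2018 kern.warn kernel: [37593.000000] CTInvalid: IN=br-lan OUT= MAC=rr:rr:rr:rr:rr:rr:dd:dd:dd:dd:dd:dd:08:00 SRC=10.0.0.2 DST=162.125.5.3 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=26780 DF PROTO=TCP SPT=1782 DPT=443 WINDOW=0 RES=0x00 ACK RST URGP=0
"""

ETHERTYPES = {"08:00": "IPv4", "86:dd": "IPv6", "08:06": "ARP"}
TCP_FLAGS = ("CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN")

def parse_line(line, prefix="CTInvalid:"):
    """Return a dict for one netfilter LOG line, or None if the prefix is absent."""
    _, sep, body = line.partition(prefix)
    if not sep:
        return None
    tokens = body.split()
    fields = dict(t.split("=", 1) for t in tokens if "=" in t)
    rec = {"src": fields.get("SRC"), "dst": fields.get("DST"),
           "proto": fields.get("PROTO"), "dpt": fields.get("DPT"),
           # TCP flags are logged as bare words, in the order they appear
           "flags": tuple(t for t in tokens if t in TCP_FLAGS)}
    # MAC= is the Ethernet header: 6 bytes dst, 6 bytes src, 2 bytes EtherType
    octets = fields.get("MAC", "").split(":")
    if len(octets) == 14:  # MAC= can be empty on interfaces without a link layer
        et = ":".join(octets[12:]).lower()
        rec.update(dst_mac=":".join(octets[:6]), src_mac=":".join(octets[6:12]),
                   ethertype=ETHERTYPES.get(et, et))
    return rec

def summarize(text):
    """Count logged INVALID packets per (source IP, TCP flag set)."""
    recs = filter(None, map(parse_line, text.splitlines()))
    return Counter((r["src"], "+".join(r["flags"])) for r in recs)

if __name__ == "__main__":
    for (src, flags), n in summarize(SAMPLE).most_common():
        print(f"{src:15} {flags:12} {n}")
```

Run over the full log, the tally shows which LAN hosts produce the INVALID hits and whether they are all FIN/RST teardown packets, as in the sample.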