ipchains logging too much!

Mike mike at boobaz.net
Mon Mar 19 13:20:41 PST 2001


Look in /etc/protocols for a translation of PROTO=# to the name of the
protocol being referenced. Tuning your firewall will take time. If you
don't want to know when these things are happening, turn off logging for
the rule which they match. If it's a special case, you can always put in
a rule to not log just these specific protocol/source/destination/port
combinations.

---------------------------
-=<(| mike at boobaz.net |)>=-

On Mon, 19 Mar 2001 at 12:57, Benjamin Honsinger wrote:


|Ok, I understand the concept of ipchains and all that, but exactly how it works
|I don't always get. I made my rc.firewall script with the cool web generator.
|Anyway, the way I set it up to log is overkill, something is getting logged
|several times a minute. However, my /var/log/messages file is very cryptic and
|only gives me a number for PROTO= . So could someone please tell me how to stop
|my ipchains from logging the below statements (as well as what service it is
|denying):
|
|Mar 15 13:46:13 server kernel: Packet log: input DENY eth0 PROTO=17 168.99.104.12:631 255.255.255.255:631 L=170 S=0x00 I=11 F=0x0000 T=64 (#39)
| - This one happens _all_ the time
|Mar 19 12:04:58 server kernel: Packet log: input DENY eth0 PROTO=6 168.99.104.238:548 168.99.104.16:49154 L=56 S=0x00 I=57609 F=0x4000 T=255 (#38)
| - This one happens occasionally
|
|Most of the time it is denying packets from the other couple of linux machines
|I have set up here at school, occasionally it denies another computer.
|
|Below is the logging section from my rc.firewall (if you need the whole script
|it is attached)
|
|# ----------------------------------------------------------------------------
|# Enable logging for selected denied packets
|
| #ipchains -A input -i $EXTERNAL_INTERFACE -p tcp -j DENY -l
|
| #ipchains -A input -i $EXTERNAL_INTERFACE -p udp \
| # --destination-port $PRIVPORTS -j DENY -l
|
| #ipchains -A input -i $EXTERNAL_INTERFACE -p udp \
| # --destination-port $UNPRIVPORTS -j DENY -l
|
|
| #ipchains -A input -i $EXTERNAL_INTERFACE -p icmp \
| # --icmp-type 5 -j DENY -l
| #ipchains -A input -i $EXTERNAL_INTERFACE -p icmp \
| # --icmp-type 13:255 -j DENY -l
|
| #ipchains -A output -i $EXTERNAL_INTERFACE -j REJECT -l
|
|# ----------------------------------------------------------------------------
|
|
|Thank you very very much in advance for any help! =)
|
| - Ben
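
Added example (not part of the original thread, and not code from either poster): a Python sketch of the lookup the reply describes. It translates PROTO=# through /etc/protocols-format text, counts which logged protocol/source/destination/port combinations are noisiest, and prints for each an ipchains rule with the same target but without -l. The protocol excerpt and the repeated first log line are constructed; inserting at the number shown in (#NN) assumes that number is the position of the logging rule in the chain.

```python
import re
from collections import Counter

# Constructed excerpt in /etc/protocols format; on a real host, read the file itself.
PROTOCOLS_SAMPLE = """\
icmp    1   ICMP    # internet control message protocol
tcp     6   TCP     # transmission control protocol
udp     17  UDP     # user datagram protocol
"""
# The two entries quoted in the post; the second line is a constructed repeat of the first.
LOG_SAMPLE = """\
Mar 15 13:46:13 server kernel: Packet log: input DENY eth0 PROTO=17 168.99.104.12:631 255.255.255.255:631 L=170 S=0x00 I=11 F=0x0000 T=64 (#39)
Mar 15 13:46:43 server kernel: Packet log: input DENY eth0 PROTO=17 168.99.104.12:631 255.255.255.255:631 L=170 S=0x00 I=12 F=0x0000 T=64 (#39)
Mar 19 12:04:58 server kernel: Packet log: input DENY eth0 PROTO=6 168.99.104.238:548 168.99.104.16:49154 L=56 S=0x00 I=57609 F=0x4000 T=255 (#38)
"""
LINE_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) .*\(#(?P<rule>\d+)\)")

def load_protocols(text):
    """Map protocol number -> name from /etc/protocols-style text."""
    names = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comment
        if len(fields) >= 2 and fields[1].isdigit():
            names[int(fields[1])] = fields[0]
    return names

def summarize(log_text, names):
    """Count log entries per combination, noisiest first."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an ipchains packet-log line
        proto = names.get(int(m["proto"]), m["proto"])  # keep the number if unknown
        counts[(m["chain"], m["action"], m["iface"], proto, m["src"],
                m["sport"], m["dst"], m["dport"], int(m["rule"]))] += 1
    return counts.most_common()

def quiet_rule(key):
    """Same match and target as the logged packet, but no -l; goes before the logging rule."""
    chain, action, iface, proto, src, sport, dst, dport, rule = key
    return (f"ipchains -I {chain} {rule} -i {iface} -p {proto} "
            f"-s {src} {sport} -d {dst} {dport} -j {action}")

if __name__ == "__main__":
    for key, n in summarize(LOG_SAMPLE, load_protocols(PROTOCOLS_SAMPLE)):
        print(f"{n:3d}x  {quiet_rule(key)}")
```

Review each printed rule before adding it to rc.firewall; it suppresses logging only for that exact combination, so everything else the logging rule matches is still recorded.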



