[Firewall] DENY_UDP_NOLOG

Chris Vavruska vavruska at gmail.com
Mon Feb 3 21:23:12 CET 2014


I saw that. Thanks for the heads up. I'll give it a go sometime this week.

Chris


On Sun, Feb 2, 2014 at 12:31 PM, Lonnie Abelbeck
<lists at lonnie.abelbeck.com> wrote:

> Hi Chris,
>
> With the release of AIF 2.0.1e, you can now set DMZ_INPUT_DENY_LOG=0 to
> disable the unwanted logging you described.
>
> Lonnie
>
>
>
> On Jan 15, 2014, at 1:59 PM, Chris Vavruska wrote:
>
> > On a related note... how do I get the following to not log? I tried
> DMZ_INPUT_DENY_LOG=0 and DMZ_OUTPUT_DENY_LOG=0. I was thinking I might need
> to set BROADCAST_UDP_NOLOG.
> >
> > Jan 15 14:54:13 shaggy kernel: [3256498.538763] AIF:DMZ-INPUT denied:
> IN=br2 OUT= PHYSIN=eth2 MAC=ff:ff:ff:ff:ff:ff:d4:3d:7e:34:57:d9:08:00
> SRC=192.168.2.20 DST=255.255.255.255 LEN=131 TOS=0x00 PREC=0x00 TTL=128
> ID=18106 PROTO=UDP SPT=17500 DPT=17500 LEN=111
> >
> >
> > On Wed, Jan 15, 2014 at 2:02 PM, Lonnie Abelbeck <
> lists at lonnie.abelbeck.com> wrote:
> > Daniel,
> >
> > The DENY_UDP_NOLOG adds a (redundant) iptables rule to DROP the packet
> without logging, where PRIV_UDP_LOG=0 keeps a rule from being added to
> generate a log.
> >
> > Personally I use PRIV_UDP_LOG=0 (et al.) on production boxes.
> >
> > Lonnie
> >
> >
> > On Jan 15, 2014, at 11:11 AM, Daniel Weidner wrote:
> >
> > > Is it correct, that the difference between DENY_UDP_NOLOG and
> PRIV_UDP_LOG is the possibility to only remove log messages for specific
> ports?
> > >
> > > On 15.01.2014 16:45, Lonnie Abelbeck wrote:
> > >> Hi Daniel,
> > >>
> > >> Judging from your logs, they are UDP 137/138 NETBIOS broadcasts.
> > >>
> > >> Blocking those packets as you did with DENY_UDP_NOLOG is one way,
> another is to control what gets logged...
> > >>
> > >> The four most general logging controls are (with defaults):
> > >> --
> > >> PRIV_UDP_LOG=1
> > >> UNPRIV_UDP_LOG=1
> > >>
> > >> PRIV_TCP_LOG=1
> > >> UNPRIV_TCP_LOG=1
> > >> --
> > >>
> > >> To quiet your NETBIOS broadcasts (and others) in your logs you could
> set:
> > >> --
> > >> PRIV_UDP_LOG=0
> > >> --
> > >> Tip -> the beginning of your logs states: "AIF:PRIV UDP packet:"
> > >>
> > >> To quiet most common logs, set:
> > >> --
> > >> PRIV_UDP_LOG=0
> > >> UNPRIV_UDP_LOG=0
> > >> PRIV_TCP_LOG=0
> > >> UNPRIV_TCP_LOG=0
> > >> --
> > >>
> > >> Of course if you are debugging network issues, you may want to enable
> logging at that time.
> > >>
> > >> Also note that the above variable definitions are 'shell' syntax, no
> spaces before or after the =
> > >>
> > >> Lonnie
> > > _______________________________________________
> > > Firewall mailing list
> > > Firewall at rocky.eld.leidenuniv.nl
> > > http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
> > > Arno's (Linux IPTABLES Firewall) Homepage:
> > > http://rocky.eld.leidenuniv.nl
> > >
> > >
> >
>
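The thread makes two practical points: the prefix at the start of each AIF kernel log line ("AIF:PRIV UDP packet:", "AIF:DMZ-INPUT denied:") tells you which *_LOG variable controls it, and the config variables are shell syntax, so spaces around the = silently break them. The script below is an added example, not code from the thread or from Arno's Iptables Firewall: it parses the DMZ-INPUT log line quoted above, maps the prefix to the controlling variable using only the two pairings the thread states, and checks a constructed config fragment for the spacing mistake. The sample config and the second log line are constructed for illustration.

```python
import re

# AIF kernel log line quoted in the thread (taken from the page).
SAMPLE_LOG = (
    "Jan 15 14:54:13 shaggy kernel: [3256498.538763] AIF:DMZ-INPUT denied: "
    "IN=br2 OUT= PHYSIN=eth2 MAC=ff:ff:ff:ff:ff:ff:d4:3d:7e:34:57:d9:08:00 "
    "SRC=192.168.2.20 DST=255.255.255.255 LEN=131 TOS=0x00 PREC=0x00 TTL=128 "
    "ID=18106 PROTO=UDP SPT=17500 DPT=17500 LEN=111"
)

# Constructed PRIV UDP line in the same format (NETBIOS broadcast, as in the thread).
SAMPLE_PRIV_LOG = (
    "Jan 15 10:02:01 shaggy kernel: [1.0] AIF:PRIV UDP packet: "
    "IN=eth0 OUT= SRC=192.168.2.30 DST=192.168.2.255 LEN=78 PROTO=UDP SPT=137 DPT=137 LEN=58"
)

# Log prefix -> variable that suppresses it; only the pairings stated in the thread.
PREFIX_TO_VARIABLE = {
    "AIF:PRIV UDP packet:": "PRIV_UDP_LOG",
    "AIF:DMZ-INPUT denied:": "DMZ_INPUT_DENY_LOG",  # honoured from AIF 2.0.1e on, per Lonnie
}

# Constructed config fragment; the last line has the spacing mistake the thread warns about.
SAMPLE_CONFIG = """# constructed fragment, not a real /etc/arno-iptables-firewall config
PRIV_UDP_LOG=0
UNPRIV_UDP_LOG=1
DMZ_INPUT_DENY_LOG = 0
"""

AIF_LINE = re.compile(r"(AIF:[^:]+:)\s+(.*)$")
CONFIG_ASSIGN = re.compile(r"^([A-Z_][A-Z0-9_]*)=(\S*)$")
SPACED_ASSIGN = re.compile(r"^[A-Z_][A-Z0-9_]*\s*=\s*\S*$")


def parse_aif_log(line):
    """Return (prefix, fields) for an AIF kernel log line, or None if it is not one."""
    m = AIF_LINE.search(line)
    if not m:
        return None
    prefix, rest = m.group(1), m.group(2)
    fields = {}
    for token in rest.split():
        if "=" in token:
            key, value = token.split("=", 1)
            # LEN appears twice (IP header, then UDP header); keep the first (IP) value.
            fields.setdefault(key, value)
    return prefix, fields


def controlling_variable(line):
    """Name of the config variable that silences this log line, or None if unknown."""
    parsed = parse_aif_log(line)
    return PREFIX_TO_VARIABLE.get(parsed[0]) if parsed else None


def is_broadcast(fields):
    """True when the packet was a limited or Ethernet broadcast (noise, not a probe)."""
    return fields.get("DST") == "255.255.255.255" or fields.get("MAC", "").startswith("ff:ff:ff:ff:ff:ff")


def check_config(text):
    """Parse shell-style VAR=value lines; report lines the shell would not treat as assignments."""
    settings, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = CONFIG_ASSIGN.match(line)
        if m:
            settings[m.group(1)] = m.group(2)
        elif SPACED_ASSIGN.match(line):
            problems.append(f"line {lineno}: spaces around '=' in {line!r}; the shell would not set it")
        else:
            problems.append(f"line {lineno}: unrecognised line {line!r}")
    return settings, problems


def log_is_suppressed(line, settings):
    """True if the given settings silence this line; None if the prefix is not mapped."""
    var = controlling_variable(line)
    if var is None:
        return None
    return settings.get(var, "1") == "0"  # the thread gives 1 as the default for the *_LOG variables


if __name__ == "__main__":
    settings, problems = check_config(SAMPLE_CONFIG)
    for p in problems:
        print("config:", p)
    for log in (SAMPLE_LOG, SAMPLE_PRIV_LOG):
        prefix, fields = parse_aif_log(log)
        print(prefix, "broadcast" if is_broadcast(fields) else "unicast",
              "controlled by", controlling_variable(log),
              "suppressed:", log_is_suppressed(log, settings))
```

Run against the fragment above, the checker flags the DMZ_INPUT_DENY_LOG line, so that variable stays at its default and the DMZ-INPUT line keeps being logged even though the admin believes it is disabled; this is exactly the symptom the spacing caveat describes.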