[Firewall] DENY_UDP_NOLOG

Daniel Weidner hallo at danielweidner.de
Wed Jan 15 18:11:39 CET 2014


Is it correct that the difference between DENY_UDP_NOLOG and 
PRIV_UDP_LOG is the possibility to only remove log messages for specific 
ports?

Am 15.01.2014 16:45, schrieb Lonnie Abelbeck:
> Hi Daniel,
>
> Judging from your logs, they are UDP 137/138 NETBIOS broadcasts.
>
> Blocking those packets as you did with DENY_UDP_NOLOG is one way, another is to control what gets logged...
>
> The four most general logging controls are (with defaults):
> --
> PRIV_UDP_LOG=1
> UNPRIV_UDP_LOG=1
>
> PRIV_TCP_LOG=1
> UNPRIV_TCP_LOG=1
> --
>
> To quiet your NETBIOS broadcasts (and others) in your logs you could set:
> --
> PRIV_UDP_LOG=0
> --
> Tip -> the beginning of your logs states: "AIF:PRIV UDP packet:"
>
> To quiet most common logs, set:
> --
> PRIV_UDP_LOG=0
> UNPRIV_UDP_LOG=0
> PRIV_TCP_LOG=0
> UNPRIV_TCP_LOG=0
> --
>
> Of course if you are debugging network issues, you may want to enable logging at that time.
>
> Also note that the above variable definitions are 'shell' syntax, no spaces before or after the =
>
> Lonnie

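As an added example (not from this thread or from the AIF/AstLinux project), a small shell helper that tallies the "AIF:PRIV UDP packet:" log lines by destination port, so you can confirm the noise really is only NETBIOS 137/138 before choosing between a port-specific DENY_UDP_NOLOG entry and the global PRIV_UDP_LOG=0 switch that hides every privileged-UDP log line. The log lines, hostnames and addresses are constructed; the log prefix and iptables LOG field names are the only thing taken from the real format.

```shell
#!/bin/sh
# Constructed sample of firewall log lines (iptables LOG format with the
# "AIF:PRIV UDP packet:" / "AIF:UNPRIV UDP packet:" prefixes). Addresses,
# hostname and interface names are made up.
SAMPLE_LOG='Jan 15 16:40:01 pbx kernel: AIF:PRIV UDP packet: IN=eth0 OUT= SRC=192.168.1.20 DST=192.168.1.255 LEN=78 PROTO=UDP SPT=137 DPT=137 LEN=58
Jan 15 16:40:02 pbx kernel: AIF:PRIV UDP packet: IN=eth0 OUT= SRC=192.168.1.20 DST=192.168.1.255 LEN=221 PROTO=UDP SPT=138 DPT=138 LEN=201
Jan 15 16:40:03 pbx kernel: AIF:PRIV UDP packet: IN=eth0 OUT= SRC=192.168.1.31 DST=192.168.1.255 LEN=78 PROTO=UDP SPT=137 DPT=137 LEN=58
Jan 15 16:40:05 pbx kernel: AIF:PRIV UDP packet: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.2 LEN=60 PROTO=UDP SPT=4444 DPT=53 LEN=40
Jan 15 16:40:06 pbx kernel: AIF:UNPRIV UDP packet: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.2 LEN=60 PROTO=UDP SPT=4444 DPT=5060 LEN=40'

# Read log text on stdin; print "DPT count" for every "AIF:PRIV UDP packet:"
# line, most frequent port first (ties broken by port number).
# UNPRIV lines are ignored because PRIV_UDP_LOG does not govern them.
count_priv_udp_by_dport() {
    awk '/AIF:PRIV UDP packet:/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^DPT=/) { sub(/^DPT=/, "", $i); n[$i]++ }
         }
         END { for (p in n) print p, n[p] }' | sort -k2,2nr -k1,1n
}

# $1 = space-separated ports you intend to put in DENY_UDP_NOLOG
# (e.g. "137 138"). Prints how many PRIV UDP log lines hit OTHER ports.
# 0 means the port-specific entry alone silences the noise; a non-zero
# count is what you would still see in the log (and would lose with
# PRIV_UDP_LOG=0).
other_priv_udp_hits() {
    count_priv_udp_by_dport | awk -v noisy="$1" '
        BEGIN { k = split(noisy, a, " "); for (i = 1; i <= k; i++) quiet[a[i]] = 1 }
        !($1 in quiet) { other += $2 }
        END { print other + 0 }'
}

# Example run against the constructed sample:
#   printf '%s\n' "$SAMPLE_LOG" | count_priv_udp_by_dport
#   printf '%s\n' "$SAMPLE_LOG" | other_priv_udp_hits "137 138"
```

In practice feed it real data, e.g. `grep 'AIF:PRIV UDP' /var/log/messages | count_priv_udp_by_dport`.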