[Firewall] DENY_UDP_NOLOG

Arjen Klaverstijn info at arjenklaverstijn.com
Wed Jan 15 18:50:05 CET 2014


I think it's pretty safe, if your device doesn't act as a router, to open
up NetBIOS ports... Could come in handy...
On 15 Jan 2014 18:13, "Daniel Weidner" <hallo at danielweidner.de> wrote:

> Is it correct, that the difference between DENY_UDP_NOLOG and PRIV_UDP_LOG
> is the possibility to only remove log messages for specific ports?
>
> On 15.01.2014 16:45, Lonnie Abelbeck wrote:
>
>> Hi Daniel,
>>
>> Judging from your logs, they are UDP 137/138 NETBIOS broadcasts.
>>
>> Blocking those packets as you did with DENY_UDP_NOLOG is one way, another
>> is to control what gets logged...
>>
>> The four most general logging controls are (with defaults):
>> --
>> PRIV_UDP_LOG=1
>> UNPRIV_UDP_LOG=1
>>
>> PRIV_TCP_LOG=1
>> UNPRIV_TCP_LOG=1
>> --
>>
>> To quiet your NETBIOS broadcasts (and others) in your logs you could set:
>> --
>> PRIV_UDP_LOG=0
>> --
>> Tip -> the beginning of your logs states: "AIF:PRIV UDP packet:"
>>
>> To quiet most common logs, set:
>> --
>> PRIV_UDP_LOG=0
>> UNPRIV_UDP_LOG=0
>> PRIV_TCP_LOG=0
>> UNPRIV_TCP_LOG=0
>> --
>>
>> Of course if you are debugging network issues, you may want to enable
>> logging at that time.
>>
>> Also note that the above variable definitions are 'shell' syntax, no
>> spaces before or after the =
>>
>> Lonnie
>>
> _______________________________________________
> Firewall mailing list
> Firewall at rocky.eld.leidenuniv.nl
> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
> Arno's (Linux IPTABLES Firewall) Homepage:
> http://rocky.eld.leidenuniv.nl
>
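Added example, not part of the thread or of the firewall project's own code: a shell function that tallies logged packets by destination port and names the `*_LOG` variable covering each class, so you can see what a given setting would silence. Only the `AIF:PRIV UDP packet:` prefix comes from the thread; the other prefixes, the kernel LOG field layout and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Tally "AIF:<class> <proto> packet:" log lines by destination port and
# print the *_LOG variable that controls logging for each class.

# Constructed sample lines (documentation address ranges). The UNPRIV/TCP
# prefix form and the SRC= DST= PROTO= DPT= fields are assumed.
sample_log() {
cat <<'EOF'
Jan 15 16:01:02 gw kernel: AIF:PRIV UDP packet: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.255 PROTO=UDP SPT=137 DPT=137 LEN=58
Jan 15 16:01:05 gw kernel: AIF:PRIV UDP packet: IN=eth0 OUT= SRC=192.0.2.11 DST=192.0.2.255 PROTO=UDP SPT=138 DPT=138 LEN=209
Jan 15 16:01:09 gw kernel: AIF:PRIV UDP packet: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.255 PROTO=UDP SPT=137 DPT=137 LEN=58
Jan 15 16:02:11 gw kernel: AIF:UNPRIV TCP packet: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 PROTO=TCP SPT=40000 DPT=8080 SYN
Jan 15 16:02:30 gw sshd[411]: unrelated line that must be ignored
EOF
}

# Reads syslog text on stdin; prints "count dport variable", busiest first.
tally_aif() {
  awk '
    {
      var = ""; dpt = ""
      for (i = 1; i <= NF; i++) {
        # "AIF:PRIV" followed by "UDP" maps to PRIV_UDP_LOG, and so on.
        if ($i ~ /^AIF:(PRIV|UNPRIV)$/ && $(i+1) ~ /^(UDP|TCP)$/)
          var = substr($i, 5) "_" $(i+1) "_LOG"
        else if ($i ~ /^DPT=[0-9]+$/)
          dpt = substr($i, 5)
      }
      # Lines without an AIF prefix or a destination port are skipped.
      if (var != "" && dpt != "") count[dpt " " var]++
    }
    END { for (k in count) print count[k], k }
  ' | sort -k1,1nr -k2,2n
}

sample_log | tally_aif
```

When one or two ports account for nearly all lines under a variable, that is the case where blocking just those ports without logging keeps the rest of that class visible, whereas setting the variable to 0 hides every port in the class.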