[Firewall] DENY_UDP_NOLOG

Lonnie Abelbeck lists at lonnie.abelbeck.com
Wed Jan 15 20:02:47 CET 2014


Daniel,

The DENY_UDP_NOLOG adds a (redundant) iptables rule to DROP the packet without logging, where PRIV_UDP_LOG=0 keeps a rule from being added to generate a log.

Personally I use PRIV_UDP_LOG=0 (et al.) on production boxes.

Lonnie


On Jan 15, 2014, at 11:11 AM, Daniel Weidner wrote:

> Is it correct that the difference between DENY_UDP_NOLOG and PRIV_UDP_LOG is the possibility to only remove log messages for specific ports?
> 
> On 15.01.2014 16:45, Lonnie Abelbeck wrote:
>> Hi Daniel,
>> 
>> Judging from your logs, they are UDP 137/138 NETBIOS broadcasts.
>> 
>> Blocking those packets as you did with DENY_UDP_NOLOG is one way, another is to control what gets logged...
>> 
>> The four most general logging controls are (with defaults):
>> --
>> PRIV_UDP_LOG=1
>> UNPRIV_UDP_LOG=1
>> 
>> PRIV_TCP_LOG=1
>> UNPRIV_TCP_LOG=1
>> --
>> 
>> To quiet your NETBIOS broadcasts (and others) in your logs you could set:
>> --
>> PRIV_UDP_LOG=0
>> --
>> Tip -> the beginning of your logs states: "AIF:PRIV UDP packet:"
>> 
>> To quiet most common logs, set:
>> --
>> PRIV_UDP_LOG=0
>> UNPRIV_UDP_LOG=0
>> PRIV_TCP_LOG=0
>> UNPRIV_TCP_LOG=0
>> --
>> 
>> Of course if you are debugging network issues, you may want to enable logging at that time.
>> 
>> Also note that the above variable definitions are 'shell' syntax, no spaces before or after the =
>> 
>> Lonnie
> _______________________________________________
> Firewall mailing list
> Firewall at rocky.eld.leidenuniv.nl
> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
> Arno's (Linux IPTABLES Firewall) Homepage:
> http://rocky.eld.leidenuniv.nl
> 
> 
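An added example, not from the thread or from AIF itself: a small POSIX shell helper that tallies which AIF log class and destination port dominate a log (a constructed sample here), so you can see whether one chatty port, like the NETBIOS 137/138 broadcasts discussed above, is what fills the log before reaching for the global PRIV_UDP_LOG=0 switch, plus a check for the "no spaces around =" pitfall Lonnie mentions. The "AIF:PRIV UDP packet:" prefix is the one quoted in the thread; the remaining field layout (IN= SRC= DST= PROTO= DPT=) is the standard kernel iptables LOG format and is an assumption.

```shell
#!/bin/sh
# Added example (not AIF's own code). Assumes AIF's LOG rules emit the
# "AIF:<class> <proto> packet:" prefix quoted in the thread, followed by the
# standard kernel iptables LOG fields (IN= OUT= SRC= DST= PROTO= SPT= DPT=).

# Constructed sample log lines (not real traffic).
SAMPLE_LOG='Jan 15 10:01:02 fw kernel: AIF:PRIV UDP packet: IN=eth0 OUT= SRC=192.168.1.20 DST=192.168.1.255 LEN=78 PROTO=UDP SPT=137 DPT=137
Jan 15 10:01:03 fw kernel: AIF:PRIV UDP packet: IN=eth0 OUT= SRC=192.168.1.21 DST=192.168.1.255 LEN=229 PROTO=UDP SPT=138 DPT=138
Jan 15 10:01:05 fw kernel: AIF:PRIV UDP packet: IN=eth0 OUT= SRC=192.168.1.20 DST=192.168.1.255 LEN=78 PROTO=UDP SPT=137 DPT=137
Jan 15 10:02:10 fw kernel: AIF:PRIV TCP packet: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=60 PROTO=TCP SPT=44321 DPT=22
Jan 15 10:03:44 fw kernel: AIF:UNPRIV UDP packet: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.2 LEN=50 PROTO=UDP SPT=5353 DPT=5060'

# Count logged packets per AIF log class (PRIV/UNPRIV x TCP/UDP) and
# destination port. Reads log text on stdin and prints one
# "count class proto dport" line per combination, sorted so output is stable.
summarize_aif_log() {
    LC_ALL=C sed -n 's/.*AIF:\([A-Z]*\) \([A-Z]*\) packet:.* DPT=\([0-9]*\).*/\1 \2 \3/p' |
        LC_ALL=C sort | uniq -c | awk '{ print $1, $2, $3, $4 }'
}

# Integer percentage of all AIF log lines that belong to one class, given as
# a single argument such as "PRIV UDP". A high share from one class with one
# dominant port argues for a port-specific rule rather than silencing the
# whole class with PRIV_UDP_LOG=0.
class_share() {
    awk -v cls="$1" '
        /AIF:[A-Z]+ [A-Z]+ packet:/ { total++ }
        index($0, "AIF:" cls " packet:") { hit++ }
        END { if (total == 0) print 0; else printf "%d\n", hit * 100 / total }'
}

# Check an AIF config fragment (stdin) for the shell-syntax pitfall from the
# thread: each *_LOG variable must read NAME=0 or NAME=1 with no spaces
# around "=". Prints offending lines; exit status 1 if any were found.
check_log_vars() {
    awk '/^[[:space:]]*(UN)?PRIV_(UDP|TCP)_LOG/ &&
         !/^[[:space:]]*(UN)?PRIV_(UDP|TCP)_LOG=[01][[:space:]]*$/ { print; bad = 1 }
         END { exit bad }'
}

# Stand-alone demo on the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | summarize_aif_log
```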