lists at lonnie.abelbeck.com
Wed Jan 15 20:02:47 CET 2014
The DENY_UDP_NOLOG adds a (redundant) iptables rule to DROP the packet without logging, where PRIV_UDP_LOG=0 keeps a rule from being added to generate a log.
Personally I use PRIV_UDP_LOG=0 (et al.) on production boxes.
On Jan 15, 2014, at 11:11 AM, Daniel Weidner wrote:
> Is it correct that the difference between DENY_UDP_NOLOG and PRIV_UDP_LOG is the possibility to only remove log messages for specific ports?
> On 15.01.2014 16:45, Lonnie Abelbeck wrote:
>> Hi Daniel,
>> Judging from your logs, they are UDP 137/138 NETBIOS broadcasts.
>> Blocking those packets as you did with DENY_UDP_NOLOG is one way, another is to control what gets logged...
>> The four most general logging controls are (with defaults):
>> To quiet your NETBIOS broadcasts (and others) in your logs you could set:
>> Tip -> the beginning of your logs states: "AIF:PRIV UDP packet:"
>> To quiet most common logs, set:
>> Of course if you are debugging network issues, you may want to enable logging at that time.
>> Also note that the above variable definitions are 'shell' syntax, no spaces before or after the =
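Before deciding between DENY_UDP_NOLOG for a few ports and PRIV_UDP_LOG=0 for everything, it helps to see which destination ports actually produce the "AIF:PRIV UDP packet:" noise. The script below is an added example, not code from this thread or from Arno's firewall: it tallies those log lines by DPT, using constructed sample lines whose field layout after the prefix (SRC= DST= PROTO= SPT= DPT=) is the standard iptables LOG output.

```shell
#!/bin/sh
# Added example: count "AIF:PRIV UDP packet:" log entries by destination port.
# The sample lines below are constructed (abbreviated MAC/TOS fields); the
# field names are those the iptables LOG target writes after the firewall's prefix.
SAMPLE_LOG='Jan 15 20:01:01 gw kernel: AIF:PRIV UDP packet: IN=eth0 OUT= SRC=192.168.1.20 DST=192.168.1.255 LEN=78 TTL=128 ID=1 PROTO=UDP SPT=137 DPT=137 LEN=58
Jan 15 20:01:02 gw kernel: AIF:PRIV UDP packet: IN=eth0 OUT= SRC=192.168.1.21 DST=192.168.1.255 LEN=229 TTL=128 ID=2 PROTO=UDP SPT=138 DPT=138 LEN=209
Jan 15 20:01:03 gw kernel: AIF:PRIV UDP packet: IN=eth0 OUT= SRC=192.168.1.20 DST=192.168.1.255 LEN=78 TTL=128 ID=3 PROTO=UDP SPT=137 DPT=137 LEN=58
Jan 15 20:01:04 gw kernel: AIF:PRIV TCP packet: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.1 LEN=60 TTL=52 ID=4 PROTO=TCP SPT=40000 DPT=22
Jan 15 20:01:05 gw kernel: AIF:PRIV UDP packet: IN=eth0 OUT= SRC=198.51.100.7 DST=198.51.100.1 LEN=60 TTL=55 ID=5 PROTO=UDP SPT=53 DPT=5060 LEN=40'

# priv_udp_by_dport: read log lines on stdin, keep only PRIV UDP entries,
# and print "count dport" pairs with the most frequent port first.
priv_udp_by_dport() {
    grep 'AIF:PRIV UDP packet:' |
    sed -n 's/.*DPT=\([0-9]*\).*/\1/p' |
    sort | uniq -c | sort -rn |
    awk '{ print $1, $2 }'
}

# top_priv_udp_dport: only the single noisiest destination port, for use in scripts.
top_priv_udp_dport() {
    priv_udp_by_dport | head -n 1 | awk '{ print $2 }'
}

# Run over the constructed sample; the TCP line is ignored, 137 comes out on top.
printf '%s\n' "$SAMPLE_LOG" | priv_udp_by_dport
```

Ports that dominate the output are the candidates for DENY_UDP_NOLOG; if the noise is spread across many ports, PRIV_UDP_LOG=0 is the simpler setting. Pipe the real log in (for example `grep 'AIF:PRIV UDP' /var/log/messages | priv_udp_by_dport`) to get the same summary for a live box.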