On 15 Apr 2008, Digby Tarvin wrote:
> [snip]
> where the list line was to filter out the most frequent messages, but
> I am not really sure what, if any, rejected connections/packets I
> should be looking out for, and what should just be ignored...
>
> Perhaps I should redirect the firewall logs to a separate file? Or
> just stick my head in the sand and log nothing - which is presumably
> the situation with my dsl router..
>
> Here is an example of the last dozen or so messages in the log:
> DF PROTO=TCP SPT=1739 DPT=2933 WINDOW=65535 RES=0x00 SYN URGP=0
> Shorewall:net2all:DROP:IN=eth0 OUT=
> MAC=00:02:a5:f7:47:a8:00:0b:bf:51:60:01:08:00 SRC=125.45.93.1
> DST=81.105.30.126 LEN=40 TOS=0x00 PREC=0x00 TTL=106 ID=44567 DF PROTO=TCP
> SPT=12200 DPT=1080 WINDOW=8192 RES=0x00 SYN URGP=0
> Shorewall:net2all:DROP:IN=eth0 OUT=
> MAC=00:02:a5:f7:47:a8:00:0b:bf:51:60:01:08:00 SRC=71.156.118.7
> DST=81.105.30.126 LEN=48 TOS=0x00 PREC=0x20 TTL=116 ID=17119 DF PROTO=TCP
> SPT=3968 DPT=3306 WINDOW=16384 RES=0x00 SYN URGP=0
> Shorewall:net2all:DROP:IN=eth0 OUT=
> MAC=00:02:a5:f7:47:a8:00:0b:bf:51:60:01:08:00 SRC=71.156.118.7
> DST=81.105.30.126 LEN=48 TOS=0x00 PREC=0x20 TTL=116 ID=18256 DF PROTO=TCP
> SPT=3968 DPT=3306 WINDOW=16384 RES=0x00 SYN URGP=0
> Shorewall:net2all:DROP:IN=eth0 OUT=
> MAC=00:02:a5:f7:47:a8:00:0b:bf:51:60:01:08:00 SRC=88.109.202.188
> DST=81.105.30.126 LEN=58 TOS=0x00 PREC=0x00 TTL=119 ID=4407 PROTO=UDP
> SPT=8184 DPT=2933 LEN=38
> Shorewall:net2all:DROP:IN=eth0 OUT=
> MAC=00:02:a5:f7:47:a8:00:0b:bf:51:60:01:08:00 SRC=88.109.202.188
> DST=81.105.30.126 LEN=58 TOS=0x00 PREC=0x00 TTL=119 ID=4409 PROTO=UDP
> SPT=8184 DPT=2933 LEN=38
> Shorewall:net2all:DROP:IN=eth0 OUT=
> MAC=00:02:a5:f7:47:a8:00:0b:bf:51:60:01:08:00 SRC=88.109.202.188
> DST=81.105.30.126 LEN=58 TOS=0x00 PREC=0x00 TTL=119 ID=4410 PROTO=UDP
> SPT=8184 DPT=2933 LEN=38
>
> Is this normal? Anyone know what all this rejected traffic represents?
>

You can prevent this stuff appearing by inserting "klogd -c5" to
/etc/init.d/klogd. See /www.shorewall.net/FAQ.htm.

"FAQ 16) Shorewall is writing log messages all over my console making it
unusable!

Answer: Just to be clear, it is not Shorewall that is writing all over
your console. Shorewall issues a single log message during each start,
restart, stop, etc. It is rather the klogd daemon that is writing
messages to your console. Shorewall itself has no control over where a
particular class of messages are written. See the Shorewall logging
documentation.

 * Find where klogd is being started (it will be from one of the files
   in /etc/init.d -- sysklogd, klogd, ...). Modify that file or the
   appropriate configuration file so that klogd is started with
   “-c <n>” where <n> is a log level of 5 or less; and/or

 * See the “dmesg” man page (“man dmesg”). You must add a suitable
   “dmesg” command to your startup scripts or place it in
   /etc/shorewall/start."

Anthony

-- 
Anthony Campbell - [EMAIL PROTECTED]
Microsoft-free zone - Using Debian GNU/Linux
http://www.acampbell.org.uk (blog, book reviews,
on-line books and sceptical articles)
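
One way to summarise log lines of the kind quoted above, so it is easier to see which destination ports and sources account for the drops. This is an added example, not part of either poster's message and not Shorewall code; the sample lines are constructed with documentation-range addresses, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the netfilter LOG format quoted in the thread.
# Addresses are documentation ranges, not hosts from the original log.
_LINE = ("Apr 15 09:10:00 gw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= "
         "MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC={src} "
         "DST=192.0.2.10 LEN=58 TOS=0x00 PREC=0x00 TTL=119 ID=4407 "
         "PROTO={proto} SPT=8184 DPT={dpt} {tail}")
_TCP, _UDP = "WINDOW=16384 RES=0x00 SYN URGP=0", "LEN=38"
SAMPLE_LOG = "\n".join(
    [_LINE.format(src="203.0.113.20", proto="UDP", dpt=2933, tail=_UDP)] * 3
    + [_LINE.format(src="198.51.100.7", proto="TCP", dpt=3306, tail=_TCP)] * 2
    + [_LINE.format(src="198.51.100.99", proto="TCP", dpt=1080, tail=_TCP),
       "Apr 15 09:11:00 gw kernel: eth0: link up"])  # unrelated kernel message

PREFIX_RE = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<action>[^:\s]+):")
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_line(line):
    """Parse one Shorewall-prefixed packet log line; None for anything else."""
    m = PREFIX_RE.search(line)
    if m is None:
        return None
    rec = {"chain": m["chain"], "action": m["action"]}
    for key, value in FIELD_RE.findall(line[m.end():]):
        rec.setdefault(key, value)  # keep the first LEN= (IP length); UDP adds a second
    return rec

def summarize(text, repeat_threshold=3):
    """Count logged packets per (proto, dport) and list ports hit per source."""
    by_service, by_source = Counter(), Counter()
    ports = defaultdict(set)
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None or "SRC" not in rec:
            continue
        service = (rec.get("PROTO", "?"), rec.get("DPT", "-"))  # ICMP has no DPT
        by_service[service] += 1
        by_source[rec["SRC"]] += 1
        ports[rec["SRC"]].add(service)
    repeaters = sorted(s for s, n in by_source.items() if n >= repeat_threshold)
    return by_service, {s: sorted(p) for s, p in ports.items()}, repeaters

if __name__ == "__main__":
    services, per_source, repeaters = summarize(SAMPLE_LOG)
    for (proto, dpt), n in services.most_common():
        print(f"{n:4d}  {proto}/{dpt}")
    print("sources at or above threshold:", repeaters)
```

To run it over a real log, pass the file's contents to `summarize()` in place of `SAMPLE_LOG`.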