On Mon, 8 Jan 2001, Michael Jung wrote:

> Since e-smith 4.1beta2 the /var/log/messages logfile saves masses of useless
> (?) messages.
> It may not be a common installation, that there is another NetBios Server on
> the outside LAN card, but it's not owed of me :-)
> It produces annoying messages every few seconds:
> 
> Jan  8 19:16:29 sonne kernel: Packet log: denylog DENY eth1 PROTO=17 141.51.158.21:520 141.51.158.255:520 L=532 S=0x00
> Jan  8 19:16:29 sonne kernel: Packet log: denylog DENY eth1 PROTO=17 141.51.158.21:520 141.51.158.255:520 L=532 S=0x00
> Jan  8 19:16:29 sonne kernel: Packet log: denylog DENY eth1 PROTO=17 141.51.158.21:520 141.51.158.255:520 L=532 S=0x00
> Jan  8 19:16:29 sonne kernel: Packet log: denylog DENY eth1 PROTO=17 141.51.158.21:520 141.51.158.255:520 L=532 S=0x00
> Jan  8 19:16:29 sonne kernel: Packet log: denylog DENY eth1 PROTO=17 141.51.158.21:520 141.51.158.255:520 L=412 S=0x00

Create yourself a custom template fragment to deny those packets silently.

cd /etc/e-smith/templates-custom/etc/rc.d/init.d/masq
cat > 25IgnoreRIPBroadcast <<EOF
# deny without logging local RIP broadcasts
/sbin/ipchains --append input --protocol udp --source 141.51.158.21 route \
 --destination 141.51.158.255 route --jump DENY
EOF
/sbin/e-smith/expand-template /etc/rc.d/init.d/masq
chmod +x /etc/rc.d/init.d/masq
/etc/rc.d/init.d/masq restart

The same strategy can be used to deny without logging any other regular
traffic that you don't want to see in your logs. Examples which come to
mind immediately are Netbios name lookups and open port probes from known
sources.

-- 

  Charlie Brady                         [EMAIL PROTECTED]
  http://www.e-smith.org (development)  http://www.e-smith.com (corporate)
  Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739
  e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada
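
As an added example (not part of the message above and not e-smith's own code): a small Python triage script that counts repeated ipchains "Packet log" DENY entries and renders a candidate fragment line for each recurring flow, in the same form as the fragment in the reply. The sample log lines, addresses, function names and the threshold are constructed for illustration.

```python
import re
from collections import Counter

# ipchains "Packet log" entry as written to /var/log/messages (one line per packet).
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)"
)
PROTO_NAMES = {"6": "tcp", "17": "udp"}

# Constructed sample input: four identical RIP broadcasts and one unrelated TCP packet.
SAMPLE = """\
Jan  8 19:16:29 gw kernel: Packet log: denylog DENY eth1 PROTO=17 192.0.2.21:520 192.0.2.255:520 L=532 S=0x00
Jan  8 19:16:29 gw kernel: Packet log: denylog DENY eth1 PROTO=17 192.0.2.21:520 192.0.2.255:520 L=532 S=0x00
Jan  8 19:16:30 gw kernel: Packet log: denylog DENY eth1 PROTO=6 198.51.100.7:40112 192.0.2.1:23 L=60 S=0x00
Jan  8 19:16:59 gw kernel: Packet log: denylog DENY eth1 PROTO=17 192.0.2.21:520 192.0.2.255:520 L=532 S=0x00
Jan  8 19:16:59 gw kernel: Packet log: denylog DENY eth1 PROTO=17 192.0.2.21:520 192.0.2.255:520 L=412 S=0x00
"""

def noisy_flows(lines, threshold=3):
    """Return (flow, count) for denied flows seen at least `threshold` times, most frequent first."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.search(line)
        if m and m["target"] == "DENY":
            counts[(m["iface"], m["proto"], m["src"], m["sport"], m["dst"], m["dport"])] += 1
    return [(flow, n) for flow, n in counts.most_common() if n >= threshold]

def fragment_for(flow):
    """Render one template-fragment line for a tcp/udp flow; other protocols return None."""
    _iface, proto, src, sport, dst, dport = flow
    if proto not in PROTO_NAMES:
        return None  # the address:port pair only describes ports for tcp and udp
    return (f"/sbin/ipchains --append input --protocol {PROTO_NAMES[proto]} "
            f"--source {src} {sport} --destination {dst} {dport} --jump DENY")

if __name__ == "__main__":
    # On a real system, pass open("/var/log/messages") instead of the constructed sample.
    for flow, n in noisy_flows(SAMPLE.splitlines()):
        print(f"# seen {n} times on {flow[0]}")
        print(fragment_for(flow))
```

Review each generated line before adding it to a fragment: a silent deny also hides that traffic from later log review, so it only fits sources you already know and expect.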

