Hello Shorewall users,

First, I would like to say I enjoy using Shorewall and wouldn't place a box on the Net without it installed.
With that being said, I do have a small issue with Shorewall. Shorewall's logging is completely out of control in my case and for my needs. In shorewall.conf I have all logging set to "err" and I'm kind of lost on how to stop all this logging (example: SMURF_LOG_LEVEL=err). I guess if there's an error then I might want to know, but blocked traffic doesn't help me unless I'm trying to let someone in and they can't get there. Then I would need to have logging in my situation.

In my case I use Shorewall to block all ports except for ports 80, 443 and ssh (when I'm on the road only). All other incoming traffic is DROPped with Shorewall. Since I know this is all blocked, I really don't care to log this information on a daily basis as millions of scans and hack attempts happen 24/7. To tell you the truth, I'm more interested in seeing what Shorewall lets through on any port OTHER than what I have allowed access to than logging those IPs which were successfully blocked. Hey, they were blocked, right?

Anyway, here are a couple of Shorewall log entries for starters that I would like to stop.
Of course there are all kinds of ports which are scanned continuously, so this is just a quick snapshot of the last 3 entries:

Oct 15 13:47:29 backup kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=00:06:5b:8c:18:1f:00:06:53:10:18:01:08:00 SRC=202.107.228.35 DST=[123.456.789.012] LEN=404 TOS=0x00 PREC=0x20 TTL=112 ID=63441 PROTO=UDP SPT=4820 DPT=1434 LEN=384

Oct 15 13:47:30 backup kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=00:06:5b:8c:18:1f:00:06:53:10:18:01:08:00 SRC=66.56.253.79 DST=[123.456.789.012] LEN=48 TOS=0x00 PREC=0x20 TTL=113 ID=41389 DF PROTO=TCP SPT=1742 DPT=2967 WINDOW=16384 RES=0x00 SYN URGP=0

Oct 15 13:47:30 backup kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=00:06:5b:8c:18:1f:00:06:53:10:18:01:08:00 SRC=66.230.119.236 DST=[123.456.789.012] LEN=48 TOS=0x00 PREC=0x20 TTL=119 ID=11572 DF PROTO=TCP SPT=3696 DPT=2968 WINDOW=64512 RES=0x00 SYN URGP=0

Any help on how to just turn off logging would be appreciated.

John
