Thanks!! ----- Original Message ----- From: "Ralf Spenneberg" <[EMAIL PROTECTED]> To: "Richard Abbuhl" <[EMAIL PROTECTED]> Cc: "FreeS/WAN" <[EMAIL PROTECTED]> Sent: Monday, August 04, 2003 6:16 PM Subject: Re: [Users] All ipsec traffic is logged
Am Mon, 2003-08-04 um 18.08 schrieb Richard Abbuhl: > Hi, > > I commented out the line: > # $IPTABLES -A FORWARD -j LOG > and this solved the problem. > > I am now wondering whether if setting off all messages > is a good practice. > > Is there a another way to stop just the ipsec message traffic? Enter the following lines: # Accept and do not log IKE $IPTABLES -A FORWARD -p udp --dport 500 -j ACCEPT # Accept and do not log AH $IPTABLES -A FORWARD -p 51 -j ACCEPT # Accept and do not log ESP $IPTABLES -A FORWARD -p 50 -j ACCEPT # Log everything else $IPTABLES -A FORWARD -j LOG Cheers, Ralf > > Thanks, > Rick. > > ----- Original Message ----- > From: "Ralf Spenneberg" <[EMAIL PROTECTED]> > To: "Richard Abbuhl" <[EMAIL PROTECTED]> > Cc: "FreeS/WAN" <[EMAIL PROTECTED]> > Sent: Monday, August 04, 2003 9:09 AM > Subject: Re: [Users] All ipsec traffic is logged > > > Hi Richard, > > Am Mon, 2003-08-04 um 07.47 schrieb Richard Abbuhl: > > Hi, > > > > All of my ipsec message traffic is being logged to /var/log/messages: > > > > Aug 2 23:28:57 fluf kernel: IN=eth1 OUT=ipsec0 > > SRC=192.168.1.56 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=50911 DF > > PROTO=TCP SPT=1506 DPT=21796 WINDOW=0 RES=0x00 RST URGP=0 > These are iptables messages. Make sure you do not have a logging rule in > your packetfilter setup. > > Cheers, > > Ralf -- Ralf Spenneberg RHCE, RHCX Book: Intrusion Detection f�r Linux Server http://www.spenneberg.com IPsec-Howto http://www.ipsec-howto.org Honeynet Project Mirror: http://honeynet.spenneberg.org
