iptables excess logging
Nathaniel Hall
halln at otc.edu
Tue Oct 5 16:01:58 UTC 2004
You might try a rule similar to
-A INPUT -i lo -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
Place this before any logging rules as it will tell the firewall to
accept any traffic on the local loopback with a destination and source
of 127.0.0.1. This traffic never (well, should never) leave the local
system and, unless specific tracking is needed, shouldn't need to be
logged.
Nathaniel Hall
Intrusion Detection and Firewall Technician
Ozarks Technical Community College -- Office of Computer Networking
halln at otc.edu
417-799-0552
menonrr at jmu.edu wrote:
>Hello Mark,
>
>Thanks for the advice.
>
>But now I have a new problem. The syslog logs millions of such
>entries:
>
>Source and Destination to 127.0.0.1
>
>Oct 5 10:35:17 nessusClient kernel: INPUT packets:IN=lo OUT=
>MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1
>DST=127.0.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=30292 DF
>PROTO=TCP SPT=631 DPT=34189 WINDOW=32754 RES=0x00 ACK URGP=0
>
>Source = various ; Destination to 255.255.255.0
>
>Oct 5 10:51:09 nessusClient kernel: INPUT eth1 Ext:IN=eth1
>OUT= MAC=ff:ff:ff:ff:ff:ff:00:08:74:ab:0d:27:08:00
>SRC=134.126.21.83 DST=255.255.255.255 LEN=68 TOS=0x00
>PREC=0x00 TTL=128 ID=39383 PROTO=UDP SPT=1226 DPT=7100 LEN=48
>
>Can you advise how to make the log less cumbersome
>(--log-level?) and not log unnecessary information like traffic
>from 127.0.0.1 or broadcasts?
>
>I am very thankful.
>
>Menon
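As an added illustration of the point made in the reply (not code from either poster or from the list), the script below parses the kernel's `KEY=VALUE` LOG output quoted above, buckets each entry as loopback noise, broadcast noise, or something worth keeping, and then prints the rules that belong ahead of the LOG rule so those buckets never reach syslog. The loopback ACCEPT rule is the one from the reply; the broadcast DROP, the rate-limited LOG rule and the `classify`/`summarize` function names are this example's own assumptions. The sample log is constructed: two lines are modelled on Menon's, the third is an invented inbound SYN using RFC 5737 documentation addresses.

```python
"""Triage iptables LOG lines: parse the kernel's KEY=VALUE output and count
how much of it is loopback or broadcast noise that an ACCEPT/DROP rule placed
*before* the LOG rule would suppress."""
import ipaddress
from collections import Counter

# Constructed sample. Lines 1-2 follow the entries quoted in the thread; line 3
# is an invented inbound SYN (RFC 5737 addresses) so that it lands in "other".
SAMPLE_LOG = """\
Oct 5 10:35:17 nessusClient kernel: INPUT packets:IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=30292 DF PROTO=TCP SPT=631 DPT=34189 WINDOW=32754 RES=0x00 ACK URGP=0
Oct 5 10:51:09 nessusClient kernel: INPUT eth1 Ext:IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:08:74:ab:0d:27:08:00 SRC=134.126.21.83 DST=255.255.255.255 LEN=68 TOS=0x00 PREC=0x00 TTL=128 ID=39383 PROTO=UDP SPT=1226 DPT=7100 LEN=48
Oct 5 10:52:30 nessusClient kernel: INPUT eth1 Ext:IN=eth1 OUT= MAC=00:08:74:ab:0d:27:00:11:22:33:44:55:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
"""


def parse_log_line(line):
    """Return (prefix, fields, flags) for one LOG line, or None if it is not one.

    Everything between 'kernel: ' and the first 'IN=' is the --log-prefix
    (Menon's prefixes have no trailing space, hence 'packets:IN=lo').
    KEY=VALUE tokens go into fields; the first occurrence wins, so the IP
    header LEN is kept and the UDP LEN that follows it is ignored.
    Bare tokens such as DF, SYN and ACK are header flags."""
    _, sep, rest = line.partition("kernel: ")
    if not sep or "IN=" not in rest:
        return None
    prefix, _, body = rest.partition("IN=")
    fields, flags = {}, []
    for token in ("IN=" + body).split():
        key, eq, value = token.partition("=")
        if eq:
            fields.setdefault(key, value)
        else:
            flags.append(token)
    return prefix.strip(), fields, flags


def classify(fields):
    """Bucket a parsed entry by the kind of noise it represents."""
    try:
        src = ipaddress.ip_address(fields.get("SRC", ""))
        dst = ipaddress.ip_address(fields.get("DST", ""))
    except ValueError:
        return "unparsed"
    # Matches exactly what the -i lo -s 127.0.0.1 -d 127.0.0.1 ACCEPT rule covers.
    if fields.get("IN") == "lo" and src.is_loopback and dst.is_loopback:
        return "loopback"
    # Limited broadcast only: a directed (subnet) broadcast cannot be recognised
    # without the interface's netmask, so such packets stay in "other".
    if dst == ipaddress.ip_address("255.255.255.255"):
        return "broadcast"
    return "other"


def summarize(log_text):
    """Count log entries per bucket; the operator decides which buckets to silence."""
    counts = Counter()
    for line in log_text.splitlines():
        parsed = parse_log_line(line)
        if parsed is None:
            continue
        counts[classify(parsed[1])] += 1
    return counts


# Rules that belong ahead of the LOG rule. The loopback line is the one from the
# reply above; the broadcast DROP and the rate-limited LOG rule are this
# example's suggestions (assumed sensible defaults), not part of the message.
QUIET_RULES = {
    "loopback": "-A INPUT -i lo -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT",
    "broadcast": "-A INPUT -d 255.255.255.255 -j DROP",
}
LOG_RULE = ('-A INPUT -m limit --limit 5/min --limit-burst 10 '
            '-j LOG --log-prefix "INPUT drop: " --log-level info')


def suggest_rules(counts):
    """Emit, in order, a silencing rule for every noisy bucket seen, then the LOG rule."""
    rules = [QUIET_RULES[b] for b in ("loopback", "broadcast") if counts.get(b)]
    rules.append(LOG_RULE)
    return rules


if __name__ == "__main__":
    counts = summarize(SAMPLE_LOG)
    print(dict(counts))
    print("\n".join(suggest_rules(counts)))
```

Run it against a real `/var/log/messages` extract by replacing `SAMPLE_LOG` with the file contents; the ordering that `suggest_rules` prints is the point: the quiet ACCEPT/DROP rules must be appended before the LOG rule, and `-m limit` caps whatever still reaches it so a flood cannot fill the disk.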