
How to keep iptables from polluting dmesg output



I can't figure out how to keep iptables from logging to the ring
buffer, the thing shown when using dmesg. Here's what I've tried so
far:

1) In my iptables script I have the following rule:

iptables -N RULE_4
iptables -A INPUT  -j RULE_4
iptables -A RULE_4  -j LOG   --log-level debug --log-prefix "RULE 4 -- Deny "
iptables -A RULE_4  -j DROP 

I think line 3 above means it's supposed to be logging at level "7".

2) In the /etc/init.d/klogd script I have:

        KLOGD="-c 4"

I think this means that the kernel log daemon will only output level 4
or lower messages, i.e., levels 4, 3, 2, 1, but I'm still getting "RULE 4"
in the output of dmesg.

Just for grins, but probably not what I want, I've tried:

3) "dmesg -c;dmesg -n4" and I'm still getting "RULE 4" in the output
   of dmesg.

4) I can stop klogd altogether and I *still* see "RULE 4" in the
   output of dmesg. Huh? I thought iptables used the kernel logging
   facility?!

How the heck do I get rid of these things? I want the messages to go
to a log file, I just don't want them in the output of dmesg! Right
now the output is going to the files kern.log, syslog, debug and the
output of dmesg. If I stop klogd then it just gets into the dmesg
output.

Anyone have any bright ideas on whatever my dim brain is missing? I
know I could probably install ulogd and use the --ulog options on
iptables rules, and that's what I'll do if nobody can offer me an
alternate solution using standard stuff.

Thanks,
Gary

