
Re: annoying iptables messages

On Wednesday 15 June 2005 04:13 pm, Jan C. Nordholz wrote:
> Hi!
> > I'm trying to rid myself of annoying iptables messages that are clogging
> > up the console and dmesg. To my firewall script I've added:
> Well, dmesg just reads the kernel's debugging ringbuffer, where _every_
> printk() the kernel issues is recorded. You can't keep messages from
> appearing there, you can just prevent them from travelling any further. :-)
> > echo 0 > /proc/sys/net/ipv4/netfilter/ip_conntrack_log_invalid
> Hm, didn't even know that toggle - however, it already is 0 here, so I
> guess that's the default...
> > And to sysklogd:
> >
> > KLOGD="-c 4"
> This will keep iptables log messages (which default to log-level warning,
> i.e. 4, but see the --log-level option in the manpage) from appearing on
> the console. However, those messages are still forwarded to the syslog
> facility, unless you've told klogd to behave differently (see the -f
> switch).
> What sysklogd then does with them is dictated by /etc/syslog.conf(5) -
> incoming messages from klogd are given facility "kernel" (as you might
> have guessed ;-) ), and the priority given by the kernel is just passed
> through.
> > The console messages seem to be gone, but dmesg is still clogged with
> > iptables junk.
> You can't change that. I'd suggest you use another source of information:
> by customizing syslog.conf you should be able to extract every possible
> subset of logging messages pretty comfortably.
> HTH,
> Jan

Thanks for the reply, Jan.

Actually, I guess I posted too early. Hot-keying to my server (via a KVM)

New not syn:IN=eth1 OUT= MAC=00:30:1b:3d:ed:0e:00:02:3b:01:dd:e1:08:00 
SRC= DST= LEN=41 TOS=0x00 PREC=0x00 TTL=240 ID=21627 
IPT INPUT packet died: IN=eth1 OUT= 
MAC=00:30:1b:3d:ed:0e:00:02:3b:01:dd:e1:08:00 SRC= 
DST= LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=10675 PROTO=TCP SPT=80 
DPT=36366 WINDOW=9300 RES=0x00 RST URGP=0

Printed to the console. More googling ahead...
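
The three stops Jan describes for a netfilter LOG message (kernel ring buffer, console, syslog.conf selectors) can be modelled in a few lines. This is an added example, not part of the original thread and not sysklogd's code; the rule set and log file names are constructed for illustration.

```python
# Added example: a model of where one kernel message ends up, not sysklogd's code.
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def console_shows(msg_prio, console_loglevel):
    """The kernel prints to the console only when priority < console_loglevel."""
    return PRIORITIES.index(msg_prio) < console_loglevel

def selector_matches(selector, facility, msg_prio):
    """Evaluate a syslog.conf(5) selector such as 'kern.=warning' or '*.info;kern.none'."""
    level = PRIORITIES.index(msg_prio)
    mask = set()                      # priorities currently selected for `facility`
    for part in selector.split(";"):
        facs, _, spec = part.strip().rpartition(".")
        if facs != "*" and facility not in facs.split(","):
            continue                  # this part is about another facility
        if spec == "none":
            mask.clear()              # 'none' drops everything for the facility
            continue
        negate = spec.startswith("!")
        spec = spec.lstrip("!")
        exact = spec.startswith("=")
        spec = spec.lstrip("=")
        if spec == "*":
            chosen = set(range(8))
        else:
            n = PRIORITIES.index(spec)
            # plain 'warning' means warning and anything more severe
            chosen = {n} if exact else set(range(n + 1))
        mask = mask - chosen if negate else mask | chosen
    return level in mask

def route(msg_prio, console_loglevel, rules, facility="kern"):
    dests = ["dmesg"]                 # the ring buffer records every printk()
    if console_shows(msg_prio, console_loglevel):
        dests.append("console")
    dests += [target for sel, target in rules
              if selector_matches(sel, facility, msg_prio)]
    return dests

# Constructed rule set; the file names are assumptions, not from the thread.
RULES = [
    ("kern.=warning", "/var/log/iptables.log"),
    ("*.info;kern.!=warning", "/var/log/messages"),
]

if __name__ == "__main__":
    for prio in ("warning", "err"):
        print(prio, route(prio, 4, RULES))   # 4 is the value given to klogd -c
```
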

