[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: annoying iptables messages



On Wednesday 15 June 2005 04:13 pm, Jan C. Nordholz wrote:
> Hi!
>
> > I'm trying to rid myself of annoying iptables messages that are clogging
> > up the console and dmesg. To my firewall script I've added:
>
> Well, dmesg just reads the kernel's debugging ringbuffer, where _every_
> printk() the kernel issues is recorded. You can't keep messages from
> appearing there, you can just prevent that they travel any further. :-)
>
> > echo 0 > /proc/sys/net/ipv4/netfilter/ip_conntrack_log_invalid
>
> Hm, didn't even know that toggle - however, it already is 0 here, so I
> guess that's the default...
>
> > And to sysklogd:
> >
> > KLOGD="-c 4"
>
> This will keep iptables log messages (which default to log-level warning,
> i.e. 4, but see the --log-level option in the manpage) from appearing on
> the console. However, those messages are still forwarded to the syslog
> facility, unless you've told klogd to behave differently (see the -f
> switch).
>
> What sysklogd then does with them is dictated by /etc/syslog.conf(5) -
> incoming messages from klogd are given facility "kernel" (as you might
> have guessed ;-) ), and the priority given by the kernel is just passed
> through.
>
> > The console messages seem to be gone, but dmesg is still clogged with
> > iptables junk.
>
> You can't change that. I'd suggest you use another source of information:
> by customizing syslog.conf you should be able to extract every possible
> subset of logging messages pretty comfortably.
>
>
> HTH,
>
> Jan

Thanks for the reply, Jan.

Acually, I guess I posted too early. Hot-keying to my server (via a KVM) 
revealed:


New not syn:IN=eth1 OUT= MAC=00:30:1b:3d:ed:0e:00:02:3b:01:dd:e1:08:00 
SRC=64.14.56.90 DST=64.45.235.41 LEN=41 TOS=0x00 PREC=0x00 TTL=240 ID=21627 
PROTO=TCP SPT=80 DPT=36366 WINDOW=64687 RES=0x00 ACK PSH URGP=0
IPT INPUT packet died: IN=eth1 OUT= 
MAC=00:30:1b:3d:ed:0e:00:02:3b:01:dd:e1:08:00 SRC=64.14.56.90 
DST=64.45.235.41 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=10675 PROTO=TCP SPT=80 
DPT=36366 WINDOW=9300 RES=0x00 RST URGP=0

Printed to the console. More googling ahead...

Jeff



Reply to: