[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: netfilter, iptable ...

On Mon, Jan 08, 2007 at 06:56:37PM -0500, David Clymer wrote:
From: David Clymer <david@zettazebra.com>
To: debian-user@lists.debian.org
Subject: Re: netfilter, iptable ...
X-Mailer: Evolution 2.6.3 X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on murphy.debian.org X-Spam-Level: X-Spam-Status: No, score=-5.7 required=4.0 tests=ALL_TRUSTED,
	DNS_FROM_RFC_BOGUSMX,LDOSUBSCRIBER autolearn=no version=3.0.3

On Mon, 2007-01-08 at 22:52 +0100, Gerard Robin wrote:
I have a script which contains iptables's commands and which works fine
as firewall, but I encounter a problem with the log:

in /var/log/kern.log I get a tone of lines of this type:

Jan 8 18:25:25 nameofmybox kernel: Inbound IN=eth0 OUT= MAC=00:e:4c:8:3:1:00:07:cb:31:9c:71:08:00 SRC= A.B.C.D DST=E.F.G.H LEN=64 TOS=0x00 PREC=0x00 TTL=41 ID=57486 DF PROTO=TCP SPT=3910 DPT=445 WINDOW=53760 RES=0x00 SYN URGP=16
( A.B.C.D and E.F.G.H are some addresses ... )

When I am in command line these lines are displayed continously and it is impossible to work. (the problem doesn't happen on xwindow on an xterm )

The problem stops if I comment four lines of the script.
the four lines:

# iptables -A LSI -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 1/sec -j LOG --log-prefix "Inbound " --log-level 6
# iptables -A LSI -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec -j LOG --log-prefix "Inbound " --log-level 6

# iptables -A LSI -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j LOG --log-prefix "Inbound " --log-level 6

# iptables -A LSI -m limit --limit 5/sec -j LOG --log-prefix "Inbound " --log-level 6
however, I think that these lines give interesting informations and I
would like to know how to keep them, but without that my file kern.log
grows inordinately.

you could keep the rules and do:

# dmesg -n 1

in order to prevent the output from being printed to the terminal (man

Thanks, it's ok the output doesn't appear on the terminal, but they are
always printed in /var/log/kern.log and I think I must change --limi 5/sec otherwise my kern.log is going to blow up :-)
Tanks again.

Reply to: