
Re: Firewall froth..



On Tue, Apr 15, 2008 at 03:42:54PM +0000, Digby Tarvin wrote:
 
> where the list line was to filter out the most frequent messages, but
> I am not really sure what, if any, rejected connections/packets I
> should be looking out for, and what should just be ignored...
> 
> Perhaps I should redirect the firewall logs to a separate file? Or
> just stick my head in the sand and log nothing - which is presumably
> the situation with my dsl router..

I don't have any incoming ports since I don't offer services to the net,
not even ssh.  Therefore, I drop everything coming in and don't log it.
I by default have all outgoing ports closed too, and log everything that
shorewall stops.  Then I open the ports I need with selected ACCEPT
macros.  Then the only things that end up in syslog are ones I need to
see.  My logaudit script doesn't filter out shorewall lines so I see
them.  I do have console logging turned off so I don't get interrupted.

Doug.
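
[Added example, not part of Doug's message or his logaudit script.] Under the policy described above, every shorewall line in syslog should be a blocked outgoing connection, so a log review can count those by destination and treat any logged inbound packet as a sign the policy has drifted. The sketch assumes Shorewall's default "Shorewall:chain:disposition:" log prefix; the chain names and sample lines are constructed.

```python
import re
from collections import Counter

# Assumption: default LOGFORMAT, i.e. "Shorewall:<chain>:<disposition>:" before the netfilter fields.
LINE_RE = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disp>[A-Z]+):(?P<fields>.*)")
FIELD_RE = re.compile(r"(\w+)=(\S*)")

def parse(line):
    """Return a dict for a shorewall log line, or None for any other syslog line."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = {"chain": m.group("chain"), "disp": m.group("disp")}
    for key, value in FIELD_RE.findall(m.group("fields")):
        rec.setdefault(key, value)  # first occurrence wins (ICMP errors repeat SRC/DST)
    return rec

def summarize(lines):
    """Count blocked outgoing flows; collect lines for packets that arrived on an interface."""
    outbound, unexpected = Counter(), []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        if rec.get("IN"):  # inbound is dropped without logging, so this should never appear
            unexpected.append(line)
            continue
        outbound[(rec.get("PROTO"), rec.get("DST"), rec.get("DPT"))] += 1
    return outbound, unexpected

# Constructed sample lines (documentation addresses, hypothetical host and chain names).
SAMPLE = [
    "Apr 15 16:01:12 host kernel: Shorewall:fw2net:REJECT:IN= OUT=eth0 "
    "SRC=192.0.2.10 DST=198.51.100.25 LEN=60 TTL=64 DF PROTO=TCP SPT=40112 DPT=25 SYN URGP=0",
    "Apr 15 16:01:15 host kernel: Shorewall:fw2net:REJECT:IN= OUT=eth0 "
    "SRC=192.0.2.10 DST=198.51.100.25 LEN=60 TTL=64 DF PROTO=TCP SPT=40113 DPT=25 SYN URGP=0",
    "Apr 15 16:03:40 host kernel: Shorewall:fw2net:REJECT:IN= OUT=eth0 "
    "SRC=192.0.2.10 DST=203.0.113.7 LEN=76 TTL=64 DF PROTO=UDP SPT=123 DPT=123 LEN=56",
    "Apr 15 16:04:02 host cron[812]: (root) CMD (run-parts /etc/cron.hourly)",
    "Apr 15 16:05:19 host kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= "
    "SRC=203.0.113.99 DST=192.0.2.10 LEN=48 TTL=112 PROTO=TCP SPT=51000 DPT=445 SYN URGP=0",
]

if __name__ == "__main__":
    blocked, unexpected = summarize(SAMPLE)
    for (proto, dst, dpt), n in blocked.most_common():
        print(f"{n:3d}  {proto} -> {dst}:{dpt}")
    for line in unexpected:
        print("UNEXPECTED inbound log line:", line)
```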

