Re: Firewall froth..
On Tue, Apr 15, 2008 at 03:42:54PM +0000, Digby Tarvin wrote:
> where the list line was to filter out the most frequent messages, but
> I am not really sure what, if any, rejected connections/packets I
> should be looking out for, and what should just be ignored...
>
> Perhaps I should redirect the firewall logs to a separate file? Or
> just stick my head in the sand and log nothing - which is presumably
> the situation with my dsl router..
I don't have any incoming ports since I don't offer services to the net,
not even ssh. Therefore, I drop everything coming in and don't log it.
I by default have all ports outgoing closed too and log everything that
shorewall stops. Then I open the ports I need with selected ACCEPT
macros. Then the only things that end up in syslog are ones I need to
see. My logaudit script doesn't filter out shorewall lines so I see
them. I do have console logging turned off so I don't get interrupted.
Doug.
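
An added example, not part of the original message: with a setup like the one described above, where only stopped outbound traffic is logged, the syslog entries can be tallied by destination to decide what needs a closer look. It assumes Shorewall's default log prefix `Shorewall:<chain>:<disposition>:` and the chain names `fw2net`/`net2fw`; the log lines and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not from the original post), assuming
# Shorewall's default log prefix "Shorewall:<chain>:<disposition>:".
SAMPLE_LOG = """\
Apr 15 16:01:12 host kernel: Shorewall:fw2net:REJECT:IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=40112 DPT=6667 SYN
Apr 15 16:01:15 host kernel: Shorewall:fw2net:REJECT:IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=40113 DPT=6667 SYN
Apr 15 16:03:40 host kernel: Shorewall:fw2net:REJECT:IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.25 LEN=76 PROTO=UDP SPT=123 DPT=123
Apr 15 16:04:02 host sshd[811]: Server listening on 127.0.0.1 port 22.
Apr 15 16:05:19 host kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=203.0.113.99 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=51000 DPT=23 SYN
"""

PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disp>[A-Z]+):(?P<rest>.*)")
FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs; value may be empty (e.g. "IN=")


def parse_line(line):
    """Return the netfilter fields of a Shorewall log line, or None for other lines."""
    m = PREFIX.search(line)
    if not m:
        return None
    fields = dict(FIELD.findall(m.group("rest")))
    fields["chain"] = m.group("chain")
    fields["disp"] = m.group("disp")
    return fields


def blocked_outbound(log_text):
    """Count stopped packets that originated on this host, most frequent first."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        # Locally generated traffic: netfilter leaves IN= empty and fills OUT=.
        if rec and rec.get("IN") == "" and rec.get("OUT"):
            counts[(rec.get("PROTO"), rec.get("DST"), rec.get("DPT"))] += 1
    return counts.most_common()


if __name__ == "__main__":
    for (proto, dst, dpt), n in blocked_outbound(SAMPLE_LOG):
        print(f"{n:3d}  {proto:4} {dst}:{dpt}")
```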