Hi everyone

I activated SuSEfirewall2 on 8.1 and I have the following questions:

- Although I set logging in such a fashion, that only critical drops should be logged, the firewall logs and logs tons of packets from guys trying to connect to P2P-software on ports like 4662 or 1214. Is that considered "critical" ??

- I wanted to get firewall messages in a separate file, so I added an entry
kern.* - /var/log/firewall
to /etc/syslog.conf, but now it logs to BOTH files. Any ideas how to cure this?

Oh yeah: Am I the only one thinking that "SuSEfirewall2" is one heck of a command to type if you just want to stop/start? "sfw2" or something would be much faster to type... I know, I know I could use ln -s ;-)

Thank you very much for any help

Cheers
Ralf G.
> - Although I set logging in such a fashion, that only critical drops should be logged, the firewall logs and logs tons of packets from guys trying to connect to P2P-software on ports like 4662 or 1214. Is that considered "critical" ??

If the port is closed no problem. Depending on the rules traffic from internal may be blocked, so that the logs show your actions, too.

> - I wanted to get firewall messages in a separate file, so I added an entry kern.* - /var/log/firewall to /etc/syslog.conf, but now it logs to BOTH files. Any ideas how to cure this?

/etc/syslog.conf:
*.*;!kern.* - /var/log/messages
kern.* - /var/log/firewall

> Oh yeah: Am I the only one thinking that "SuSEfirewall2" is one heck of a command to type if you just want to stop/start? "sfw2" or something would be much faster to type... I know, I know I could use ln -s ;-)

Ever tried the <tab> key? With the <tab> key you can shorten up your commands.
/sb<tab>/S<tab>f = /sbin/SuSEfirewall2 :-)

Philippe
Hi Philippe

Thanks for answering!

On Sunday, 1 December 2002 20:51, Philippe Vogel wrote:

> Depending on the rules traffic from internal may be blocked, so that the logs show your actions, too.

I didn't set up any special rules of my own; I just use Suse firewall's defaults. The connection attempts are from the Internet and my theory on this is that someone using the IP address before me used Kazaa and the Kazaa network is not yet updated.
How can I tell the firewall to not log specific packets it drops? I don't consider these "critical".
> /etc/syslog.conf:
> *.*;!kern.* - /var/log/messages
> kern.* - /var/log/firewall

Thanks for that one!

> Ever tried the <tab> key?

Sure. But I like the symbolic link approach better <s>

Cheers
Ralf
participants (2): Philippe Vogel, RalfGue@t-online.de