Martian source (How to ignore in logs)
Hello All,

How do I get SuSE 9.1 (SuSEfirewall2) to ignore martian source messages and not log them? I have a valid reason to have martian source on my two NICs and the messages they are logging are wasting huge amounts of logfile and making it difficult to spot real traffic...

Any help greatly appreciated

On Wednesday 29 September 2004 14.37, b@rry.co.za wrote:
How do I get SuSE 9.1 (SuSEfirewall2) to ignore martian source messages and not log them?
If it is the kernel doing the logging you can use the following command:

# echo 0 > /proc/sys/net/ipv4/conf/all/log_martians

to turn off logging at all IPv4-nics. (At least according to the docs...)

Regards,
--
Mats Folke
Div. of Computer Science and Networking
Dept. of Computer Science and Electrical Engineering
Luleå University of Technology
Sweden
telephone: +46 920 493065
On Wednesday 29 September 2004 14:42, Mats Folke wrote:
to turn off logging at all IPv4-nics. (At least according to the docs...)
any idea if this will have to be run in my startup scripts? Also, don't think it's working :)

Sep 29 15:15:54 linux kernel: martian source 192.168.1.1 from 192.168.1.56, on dev eth1
Sep 29 15:15:54 linux kernel: ll header: ff:ff:ff:ff:ff:ff:00:04:61:55:46:14:08:06
Sep 29 15:15:56 linux kernel: martian source 192.168.2.255 from 192.168.2.19, on dev eth0
Sep 29 15:15:56 linux kernel: ll header: ff:ff:ff:ff:ff:ff:00:08:a1:40:53:14:08:00
Sep 29 15:15:56 linux kernel: martian source 192.168.2.12 from 192.168.2.19, on dev eth0
Sep 29 15:15:56 linux kernel: ll header: ff:ff:ff:ff:ff:ff:00:08:a1:40:53:14:08:06
Sep 29 15:15:56 linux kernel: martian source 192.168.2.18 from 192.168.2.19, on dev eth0
Sep 29 15:15:56 linux kernel: ll header: ff:ff:ff:ff:ff:ff:00:08:a1:40:53:14:08:06
Sep 29 15:15:57 linux kernel: martian source 192.168.2.255 from 192.168.2.19, on dev eth0
Sep 29 15:15:57 linux kernel: ll header: ff:ff:ff:ff:ff:ff:00:08:a1:40:53:14:08:00
Sep 29 15:15:58 linux kernel: martian source 192.168.2.255 from 192.168.2.19, on dev eth0
b@rry.co.za wrote:
any idea if this will have to be run in my startup scripts?
No, set FW_KERNEL_SECURITY="yes" to no.
Also, don't think it's working :)
Try the above, if it doesn't work immediately, try SuSEfirewall2 stop, then start. If that doesn't work, you can either reboot or use the command given to you in the last post. That should work immediately, but will not survive a reboot or may not survive a firewall restart, such as with a dialup.

--
Joe Morris
New Tribes Mission
Email Address: Joe_Morris@ntm.org
Registered Linux user 231871
On Wednesday 29 September 2004 17:29, Joe Morris (NTM) wrote:
No, set FW_KERNEL_SECURITY="yes" to no.
I have done this, stopped the firewall, waited a few minutes then restarted the firewall. Messages still appear.
command given to you in the last post. That should work immediately, but will not survive a reboot or may not survive a firewall restart,
have run the

linux:/home/barrulus # echo 0 > /proc/sys/net/ipv4/conf/all/log_martians
linux:/home/barrulus #

script, it is accepted, the file log_martians now contains a 0 instead of a 1. still the martians are coming :)
/ 2004-09-29 10:29:23 -0500 \ Joe Morris (NTM):
b@rry.co.za wrote:
any idea if this will have to be run in my startup scripts?
No, set FW_KERNEL_SECURITY="yes" to no.
Also, don't think it's working :)
Try the above, if it doesn't work immediately, try SuSEfirewall2 stop, then start. If that doesn't work, you can either reboot or use the command given to you in the last post. That should work immediately, but will not survive a reboot or may not survive a firewall restart, such as with a dialup.
Note: from Documentation/networking/ip-sysctl.txt:

log_martians - BOOLEAN
    Log packets with impossible addresses to kernel log.
    log_martians for the interface will be enabled if at least one of
    conf/{all,interface}/log_martians is set to TRUE,
    it will be disabled otherwise

so you will have to

for f in /proc/sys/net/ipv4/conf/*/log_martians ; do echo 0 > $f ; done
head /proc/sys/net/ipv4/conf/*/log_martians

Lars Ellenberg
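The rule quoted from ip-sysctl.txt explains why writing 0 to conf/all alone changed nothing: each interface's own entry was still 1. The script below is an added example, not part of the original thread; it reports which interfaces still log martians and clears every entry. The CONF_ROOT variable and the function names are assumptions of this example, there so it can be tried on a scratch directory before touching /proc.

```shell
#!/bin/sh
# Added example (not from the thread). Per ip-sysctl.txt, an interface logs
# martians if conf/all/log_martians OR conf/<iface>/log_martians is 1.
# CONF_ROOT is a hypothetical override so the functions can run on a test tree.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Print 1 if martians would be logged on interface $1, else 0.
effective_log_martians() {
    all=$(cat "$CONF_ROOT/all/log_martians" 2>/dev/null || echo 0)
    own=$(cat "$CONF_ROOT/$1/log_martians" 2>/dev/null || echo 0)
    if [ "$all" = "1" ] || [ "$own" = "1" ]; then echo 1; else echo 0; fi
}

# Print, one per line, the real interfaces that still log martians.
# "all" and "default" are pseudo-entries, not interfaces, so skip them.
logging_interfaces() {
    for d in "$CONF_ROOT"/*/; do
        [ -d "$d" ] || continue
        ifc=$(basename "$d")
        case "$ifc" in all|default) continue ;; esac
        if [ "$(effective_log_martians "$ifc")" = "1" ]; then
            echo "$ifc"
        fi
    done
    return 0
}

# Write 0 to every log_martians entry, including all/ and default/,
# as the loop in the thread does. Needs root on a real system and,
# like that loop, does not survive a reboot on its own.
disable_log_martians() {
    for f in "$CONF_ROOT"/*/log_martians; do
        if [ -e "$f" ]; then
            echo 0 > "$f"
        fi
    done
    return 0
}

# Read-only report of interfaces that currently log martians.
logging_interfaces
```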
On Thu, 2004-09-30 at 09:20, Lars Ellenberg wrote:
from Documentation/networking/ip-sysctl.txt:
Thanks, I am busy reading this file now. Amazing what you can do when you know how, thanks Lars.
so you will have to

for f in /proc/sys/net/ipv4/conf/*/log_martians ; do echo 0 > $f ; done
head /proc/sys/net/ipv4/conf/*/log_martians
have set this as startup script so that when this cust FINALLY buys another switch I can reverse this no problem :) Again, thanks Lars.
participants (4)
- b@rry.co.za
- Joe Morris (NTM)
- Lars Ellenberg
- Mats Folke