How do I _NOT_ log the SuSE-FW-ACCEPT packets? And, while I'm at it, what's the point of doing that in the first place? Thanks, dk
On 09/12/2003 07:38 PM, David Krider wrote:
How do I _NOT_ log the SuSE-FW-ACCEPT packets? And, while I'm at it, what's the point of doing that in the first place?
It is a config option in /etc/sysconfig/SuSEfirewall2. Just say no. It is helpful when you want to be sure something is working properly, but for everyday work it probably isn't needed.
--
Joe Morris
New Tribes Mission
Email Address: Joe_Morris@ntm.org
Web Address: http://www.mydestiny.net/~joe_morris
Registered Linux user 231871
God said, I AM that I AM. I say, by the grace of God, I am what I am.
The 03.09.12 at 06:38, David Krider wrote:
How do I _NOT_ log the SuSE-FW-ACCEPT packets?
FW_LOG_ACCEPT_CRIT="yes" FW_LOG_ACCEPT_ALL="no"
And, while I'm at it, what's the point of doing that in the first place?
I am interested to know what is coming in that I should know. And I may enable "all" temporarily for debugging - i.e., to see if I should close something.
--
Cheers, Carlos Robinson
* Carlos E. R.; <robin1.listas@tiscali.es> on 12 Sep, 2003 wrote:
The 03.09.12 at 06:38, David Krider wrote:
How do I _NOT_ log the SuSE-FW-ACCEPT packets?
FW_LOG_ACCEPT_CRIT="yes" FW_LOG_ACCEPT_ALL="no"
And, while I'm at it, what's the point of doing that in the first place?
I am interested to know what is coming in that I should know. And I may enable "all" temporarily for debugging - i.e., to see if I should close something.
FW_LOG_ACCEPT_CRITICAL basically logs the packets that you have selected to pass through, i.e. with FW_SERVICE_EXT_TCP="80" any packet coming to port 80 will be logged. You can change this to "no" so those permitted ones will not be logged anymore.
--
Togan Muftuoglu
Unofficial SuSE FAQ Maintainer
http://dinamizm.ath.cx
On Fri, 2003-09-12 at 08:59, Carlos E. R. wrote:
The 03.09.12 at 06:38, David Krider wrote:
How do I _NOT_ log the SuSE-FW-ACCEPT packets?
FW_LOG_ACCEPT_CRIT="yes" FW_LOG_ACCEPT_ALL="no"
I was afraid of this. Both of these entries are set to no in my config file, yet I continue to get the reports in my log. Any other ideas? dk
The 03.09.12 at 13:53, David Krider wrote:
FW_LOG_ACCEPT_CRIT="yes" FW_LOG_ACCEPT_ALL="no"
I was afraid of this. Both of these entries are set to no in my config file, yet I continue to get the reports in my log. Any other ideas?
On a machine I set up for a friend, I discovered I was adjusting susefirewall2, and he was using the other one, because it was set up automatically by yast after changing something on the network setup.
--
Cheers, Carlos Robinson
On Fri, 2003-09-12 at 18:40, Carlos E. R. wrote:
The 03.09.12 at 13:53, David Krider wrote:
FW_LOG_ACCEPT_CRIT="yes" FW_LOG_ACCEPT_ALL="no"
I was afraid of this. Both of these entries are set to no in my config file, yet I continue to get the reports in my log. Any other ideas?
On a machine I set up for a friend, I discovered I was adjusting susefirewall2, and he was using the other one, because it was set up automatically by yast after changing something on the network setup.
I have stopped and restarted this thing many times in trying to sort this out. That alleviates one response. I haven't run SuSEconfig in any of this, so that should rule out the /etc/sysconfig/SuSEfirewall2 script getting rewritten on the fly.

I use the following two rules in FW_FORWARD to get NFS passed between my DMZ and my internal network:

    192.168.1.0/24,192.168.1.2,udp,1:65535
    192.168.1.2,192.168.4.0/24,udp,800

The interesting thing to me is that the only thing that I keep getting FW-ACCEPT messages for are the responses from port 800 in my DMZ back to my internal network. They always look like this:

    Sep 13 17:21:39 reliant kernel: SuSE-FW-ACCEPT IN=eth1 OUT=eth0 SRC=192.168.1.2 DST=192.168.4.200 LEN=148 TOS=0x00 PREC=0x00 TTL=63 ID=30811 DF PROTO=UDP SPT=2049 DPT=800 LEN=128

My guess is that this has something to do with the fact that it's UDP traffic, or that it's a low port, but I also have this rule for printing from Samba:

    192.168.1.2,192.168.4.0/24,udp,137

And I never get any messages about that one. I also do NOT get the messages when I access the NFS share from the firewall. This is being taken care of here:

    FW_SERVICES_DMZ_UDP="domain 600:1023"

Again, anyone know why I'd get those messages for that one rule, and not the others? Perhaps I should send this to the maintainer of SuSEfirewall2?

Regards, dk
On 09/13/2003 02:53 AM, David Krider wrote:
On Fri, 2003-09-12 at 08:59, Carlos E. R. wrote:
FW_LOG_ACCEPT_CRIT="yes" FW_LOG_ACCEPT_ALL="no"
I was afraid of this. Both of these entries are set to no in my config file, yet I continue to get the reports in my log. Any other ideas?
As root, SuSEfirewall2 stop, then SuSEfirewall2 start. I have set mine to no, and it does work. Are you sure you reloaded the firewall rules afterward?
--
Joe Morris
New Tribes Mission
Email Address: Joe_Morris@ntm.org
Web Address: http://www.mydestiny.net/~joe_morris
Registered Linux user 231871
God said, I AM that I AM. I say, by the grace of God, I am what I am.
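Added example, not part of the original thread: one way to check what the config file effectively sets for the two FW_LOG_ACCEPT_* options and, if both are off, to tally which forwarded flows still produce SuSE-FW-ACCEPT entries, as in David's report. The function names are hypothetical, and the sample input is constructed except for the first log line, which is the one quoted in the thread.

```python
import re
from collections import Counter

# Constructed sample input: a config excerpt and kernel log lines in the format
# quoted in the thread (only the first log line comes from the thread itself).
SAMPLE_CONFIG = '''\
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_LOG_ACCEPT_CRIT="no"   # a later assignment wins when the file is sourced
'''
SAMPLE_LOG = '''\
Sep 13 17:21:39 reliant kernel: SuSE-FW-ACCEPT IN=eth1 OUT=eth0 SRC=192.168.1.2 DST=192.168.4.200 LEN=148 TOS=0x00 PREC=0x00 TTL=63 ID=30811 DF PROTO=UDP SPT=2049 DPT=800 LEN=128
Sep 13 17:21:40 reliant kernel: SuSE-FW-ACCEPT IN=eth1 OUT=eth0 SRC=192.168.1.2 DST=192.168.4.200 LEN=148 TOS=0x00 PREC=0x00 TTL=63 ID=30812 DF PROTO=UDP SPT=2049 DPT=800 LEN=128
Sep 13 17:22:01 reliant kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= SRC=192.168.4.77 DST=192.168.4.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=40000 DPT=23 WINDOW=5840
'''
KEYS = ("IN", "OUT", "SRC", "DST", "PROTO", "SPT", "DPT")
ASSIGN = re.compile(r'^\s*(FW_LOG_ACCEPT_\w+)=(["\']?)([^"\'#\s]*)\2')
FIELD = re.compile(r'(\w+)=(\S*)')

def log_accept_settings(config_text):
    """Effective FW_LOG_ACCEPT_* values; the last assignment in the file wins."""
    settings = {}
    for line in config_text.splitlines():
        m = ASSIGN.match(line)
        if m:
            settings[m.group(1)] = m.group(3)
    return settings

def accept_flows(log_text, prefix="SuSE-FW-ACCEPT"):
    """Count logged packets with the given prefix per flow (see KEYS)."""
    flows = Counter()
    for line in log_text.splitlines():
        _, sep, rest = line.partition(prefix + " ")
        if sep:
            fields = dict(FIELD.findall(rest))
            flows[tuple(fields.get(k, "") for k in KEYS)] += 1
    return flows

def unexpected_accept_flows(config_text, log_text):
    """Flows logged as ACCEPT although neither option is "yes" (assumption: unset counts as off)."""
    s = log_accept_settings(config_text)
    if any(s.get(k) == "yes" for k in ("FW_LOG_ACCEPT_CRIT", "FW_LOG_ACCEPT_ALL")):
        return {}  # logging is switched on, so the entries are expected
    return dict(accept_flows(log_text))

if __name__ == "__main__":
    for flow, count in unexpected_accept_flows(SAMPLE_CONFIG, SAMPLE_LOG).items():
        print(count, dict(zip(KEYS, flow)))
```

Any flow this reports is a candidate to compare against the rules actually loaded, since the config file alone does not show what the running firewall is doing.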
participants (4)
- Carlos E. R.
- David Krider
- Joe Morris (NTM)
- Togan Muftuoglu