Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
Re: AW: [suse-security] Multicast packets fill up my log files
  • From: "Stefan Suurmeijer (prive)" <stefan@xxxxxxxxxxxx>
  • Date: Fri, 18 Jan 2002 12:14:30 +0100
  • Message-id: <3C480396.2030609@xxxxxxxxxxxx>
Errrm, that would mean dropping useful information on people trying to do nasty things as well.

Why not simply try adding:
iptables -A INPUT -j DROP -i ppp0 -d 224.0.0.1

This option simply drops multicast packets, while still logging anything else that might be interesting (provided you keep FW_LOG_DROP_CRIT="yes" of course).

HTH

Stefan



Peer Stefan wrote:

Hi, have a look at /etc/rc.config.d/firewall2.rc.config. Section 16 deals with
logging:
FW_LOG_DROP_CRIT="yes" FW_LOG_DROP_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix
SuSE-FW"

You can safely change the FW_LOG_DROP_CRIT="yes" to FW_LOG_DROP_CRIT="no",
once you are sure your firewall rules work the way they should.
regards,
Stefan

-----Urspr√ľngliche Nachricht-----
Von: Alexander Topolanek [mailto:atopo@xxxxxxx]
Gesendet: Freitag, 18. Jänner 2002 07:01
An: suse-security@xxxxxxxx
Betreff: [suse-security] Multicast packets fill up my log files


Hi,
(and now in english :)

My provider sends me multicast packets every minutes, that are denied by
the SuSE-FW2 rules, and logged:
--
Jan 18 00:04:47 rohrpostfix kernel: SuSE-FW-UNALLOWED-TARGETIN=ippp0
OUT= MAC= S RC=195.3.94.57 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1
ID=7983 PROTO=2
--
I would need and iptable rule that discards those packets silently. I
tried "iptables -A INPUT -i ippp0 -d 224.0.0.1/24 -j ACCEPT" without
success, has anyone an idea where I went wrong?

thanks
Alexander





< Previous Next >
Follow Ups
References