Errrm, that would mean dropping useful information on people trying to do nasty things as well. Why not simply try adding:

    iptables -A INPUT -j DROP -i ppp0 -d 224.0.0.1

This option simply drops multicast packets, while still logging anything else that might be interesting (provided you keep FW_LOG_DROP_CRIT="yes" of course).

HTH
Stefan

Peer Stefan wrote:

Hi, have a look at /etc/rc.config.d/firewall2.rc.config. Section 16 deals with logging:

    FW_LOG_DROP_CRIT="yes"
    FW_LOG_DROP_ALL="no"
    FW_LOG_ACCEPT_CRIT="yes"
    FW_LOG_ACCEPT_ALL="no"
    FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW"

You can safely change the FW_LOG_DROP_CRIT="yes" to FW_LOG_DROP_CRIT="no", once you are sure your firewall rules work the way they should.
regards, Stefan
-----Original Message-----
From: Alexander Topolanek [mailto:atopo@ocv.org]
Sent: Friday, 18 January 2002 07:01
To: suse-security@suse.com
Subject: [suse-security] Multicast packets fill up my log files

Hi, (and now in English :)

My provider sends me multicast packets every minute, that are denied by the SuSE-FW2 rules, and logged:

--
Jan 18 00:04:47 rohrpostfix kernel: SuSE-FW-UNALLOWED-TARGETIN=ippp0 OUT= MAC= SRC=195.3.94.57 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=7983 PROTO=2
--

I would need an iptables rule that discards those packets silently. I tried "iptables -A INPUT -i ippp0 -d 224.0.0.1/24 -j ACCEPT" without success. Has anyone an idea where I went wrong?

thanks Alexander
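
Added example, not part of the original thread: a small Python filter that applies the same narrow match discussed above (one interface, one destination, IGMP only) to LOG lines, so you can check what a silent-drop rule would take out of the log and what would still be recorded. The sample lines are constructed and modelled on the entry quoted in the thread; the function names and the addresses and ports in the second and third lines are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample lines modelled on the log entry quoted in the thread;
# the addresses and ports in lines 2 and 3 are invented for contrast.
SAMPLE_LOG = """\
Jan 18 00:04:47 rohrpostfix kernel: SuSE-FW-UNALLOWED-TARGETIN=ippp0 OUT= MAC= SRC=195.3.94.57 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=7983 PROTO=2
Jan 18 00:05:02 rohrpostfix kernel: SuSE-FW-UNALLOWED-TARGET IN=ippp0 OUT= MAC= SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4411 PROTO=TCP SPT=40112 DPT=23
Jan 18 00:05:20 rohrpostfix kernel: SuSE-FW-UNALLOWED-TARGET IN=ippp0 OUT= MAC= SRC=192.0.2.44 DST=224.0.0.251 LEN=73 TOS=0x00 PREC=0x00 TTL=255 ID=0 PROTO=UDP SPT=5353 DPT=5353
Jan 18 00:05:47 rohrpostfix kernel: SuSE-FW-UNALLOWED-TARGETIN=ippp0 OUT= MAC= SRC=195.3.94.57 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=7990 PROTO=2
"""

# No word boundary before the key: the log prefix may run straight into "IN=".
FIELD = re.compile(r"(IN|SRC|DST|PROTO|DPT)=(\S*)")


def parse(line):
    """Return selected key=value fields of one netfilter LOG line."""
    fields = {}
    for key, value in FIELD.findall(line):
        # Keep the first occurrence: ICMP error entries repeat SRC/DST
        # for the embedded packet further along the line.
        fields.setdefault(key, value)
    return fields


def is_igmp_noise(fields, iface="ippp0", dst="224.0.0.1"):
    """True only for IGMP (PROTO=2) to the all-hosts group on one interface."""
    return (fields.get("IN") == iface
            and fields.get("DST") == dst
            and fields.get("PROTO") == "2")


def split_log(text):
    """Split log text into (noise, keep) lists of lines."""
    noise, keep = [], []
    for line in text.splitlines():
        if line.strip():
            (noise if is_igmp_noise(parse(line)) else keep).append(line)
    return noise, keep


def summarize(lines):
    """Count entries per (SRC, DST) pair."""
    return dict(Counter((parse(l).get("SRC"), parse(l).get("DST")) for l in lines))


if __name__ == "__main__":
    noise, keep = split_log(SAMPLE_LOG)
    print("would be dropped silently:", summarize(noise))
    print("still logged:", *keep, sep="\n  ")
```
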