Mailinglist Archive: opensuse-security (499 mails)

< Previous Next >
Re: [suse-security] how to avoid logging ACCEPTs?
  • From: Maarten J H van den Berg <maarten@xxxxxxx>
  • Date: Wed, 19 Jun 2002 20:56:58 +0200
  • Message-id: <0206192056580B.22945@itux>
On Wednesday 19 June 2002 18:57, you wrote:
> This is a great idea to allow logging of only selected services.
> I sure would like to see this in FW2.
>
> I solved my problem by editing firewall2-custom.rc.config and adding
> the following line:
>
> /usr/sbin/iptables -I INPUT 1 -i eth0 -s 0.0.0.0/0 -d xx.xxx.16.210 -p
> tcp --dport 6346 -j ACCEPT

If you add this as rule nr. 1 you shortcut all the anti-spoofing
countermeasures. I would suggest that is not a good idea... ;)

> Maybe it's not the most elegant solution, but it works for me!

Maarten

> On Wed, 19 Jun 2002, maarten van den Berg wrote:
> > On Tuesday 18 June 2002 21:05, GertJan Spoelman wrote:
> > > On Tuesday 18 June 2002 19:30, Bob Berman wrote:

<snip>

> > Not to burden SuSE with still more work, but a new option in FW2
> > could be (I'm just thinking aloud here...) a field where it its left
> > up to the user to define what exactly _will_ be defined as "CRIT" so
> > as to be able to omit certain ports. Like so:
> >
> > ##
> > # Leave these at "Default" if you don't know what these mean.
> > FW_LOG_ACCEPT_CRIT_LIST="21 22 25 143"
> > FW_LOG_DROP_CRIT_LIST="23 69 79"
> > #FW_LOG_DROP_CRIT_LIST="Default"
> >
> > Although I know the SuSEfirewall quite well (better than I would've
> > liked; it is quite an impressive and complex filter!) since the time
> > I tweaked some statefullness into it back in the v1.7 days (to
> > overcome the 'allow all highports' ehm... misfeature ;-) mostly for
> > 53/udp traffic, I'm still quite sure I could not come up with a diff
> > that adds the above feature... Sorry. ;-)

--
This email has been scanned for the presence of computer viruses.

Maarten J. H. van den Berg ~~//~~ network administrator
VBVB - Amsterdam - The Netherlands - http://vbvb.nl
T +31204233288 F +31204233286 G +31651994273

< Previous Next >
References