- Although I set logging in such a fashion that only critical drops should be logged, the firewall logs and logs tons of packets from guys trying to connect to P2P software on ports like 4662 or 1214. Is that considered "critical"?
If the port is closed, no problem. Depending on the rules, traffic from internal may be blocked, so that the logs show your actions, too.
- I wanted to get firewall messages in a separate file, so I added an entry kern.* - /var/log/firewall to /etc/syslog.conf, but now it logs to BOTH files. Any ideas how to cure this?
/etc/syslog.conf:
*.*;!kern.* - /var/log/messages
kern.* - /var/log/firewall
Oh yeah: Am I the only one thinking that "SuSEfirewall2" is one heck of a command to type if you just want to stop/start? "sfw2" or something would be much faster to type... I know, I know I could use ln -s ;-)
Ever tried the <tab> key? With the <tab> key you can shorten up your commands.
/sb<tab>/S<tab>f = /sbin/SuSEfirewall2 :-)
Philippe