Hi! I've installed firehol and set up a very simple firewall. A few days later I found that my log directory is very big, especially iptables.log. In this file, every 10 seconds similar messages are logged, like this:
Jun 14 19:25:36 laptop kernel: ''IN-home':'IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:19:a9:6b:5c:01:08:00 SRC=77.236.14.254 DST=255.255.255.255 LEN=296 TOS=0x00 PREC=0x00 TTL=255 ID=46931 PROTO=UDP SPT=67 DPT=68 LEN=276
The rest are almost the same; they differ only by time and ID numbers. Because I'm new to iptables, could anyone tell me what the meaning of these messages is, and how I can fix my firewall to stop receiving them?
http://firehol.sourceforge.net/trouble.html
...
So basically, if you look at the destination ip (broadcast), the source port (67) and the destination port (68), and you know that it is UDP traffic, you can discern that it is DHCP traffic being filtered (some other host doing dhcp).
Make sure you allow dhcp in your firehol config (client dhcp) for the machine itself, if it is required.
To reduce logging verbosity, use log limiting.
http://firehol.sourceforge.net/commands … _FREQUENCY
"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍
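To make cactus' reading of the log line concrete, here is an added example (my code, not firehol's and not from this thread) that parses netfilter LOG lines into their KEY=VALUE fields, classifies the UDP 67 to 68 broadcast as the server-to-client leg of DHCP, and counts which rule/port combination is generating the most noise. The first sample line is the one posted above; the other two lines, the function names and the class labels are my own constructions.

```python
import re
from collections import Counter

# Constructed sample input. The first line is the one posted in the thread; the
# other two are made up here (RFC 5737 addresses) to show a repeat of the same
# DHCP broadcast and an unrelated TCP SYN for contrast.
SAMPLE_LOG = """\
Jun 14 19:25:36 laptop kernel: ''IN-home':'IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:19:a9:6b:5c:01:08:00 SRC=77.236.14.254 DST=255.255.255.255 LEN=296 TOS=0x00 PREC=0x00 TTL=255 ID=46931 PROTO=UDP SPT=67 DPT=68 LEN=276
Jun 14 19:25:46 laptop kernel: ''IN-home':'IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:19:a9:6b:5c:01:08:00 SRC=77.236.14.254 DST=255.255.255.255 LEN=296 TOS=0x00 PREC=0x00 TTL=255 ID=46944 PROTO=UDP SPT=67 DPT=68 LEN=276
Jun 14 19:25:51 laptop kernel: ''IN-home':'IN=eth0 OUT= MAC=00:19:a9:6b:5c:02:00:19:a9:6b:5c:01:08:00 SRC=192.0.2.10 DST=192.0.2.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
"""

# syslog timestamp, host, "kernel:", then the iptables log prefix up to "IN="
HEADER_RE = re.compile(r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(\S+)\s+kernel:\s*(.*?)IN=")
# netfilter LOG emits KEY=VALUE tokens; OUT= may legitimately be empty
KV_RE = re.compile(r"\b([A-Z]+)=(\S*)")
# IP/TCP flags appear as bare words with no value
FLAG_WORDS = {"DF", "MF", "SYN", "ACK", "FIN", "RST", "PSH", "URG"}


def parse_log_line(line):
    """Split one netfilter LOG line into timestamp, host, log prefix, the
    KEY=VALUE fields and the bare flag words (DF, SYN, ...).

    The IP header's LEN= comes before the UDP/TCP one, so keeping the first
    occurrence of each key leaves the outer length in fields["LEN"].
    Returns None for lines that are not netfilter LOG output."""
    m = HEADER_RE.match(line)
    if m is None:
        return None
    rest = line[m.end(3):]  # from "IN=" to end of line
    fields = {}
    for key, value in KV_RE.findall(rest):
        fields.setdefault(key, value)
    flags = {w for w in re.findall(r"\b([A-Z]{2,3})\b", rest) if w in FLAG_WORDS}
    return {
        "time": m.group(1),
        "host": m.group(2),
        "prefix": m.group(3).strip("': "),  # ''IN-home':' -> IN-home
        "fields": fields,
        "flags": flags,
    }


def is_broadcast(rec):
    """True when the packet was addressed to every host on the segment."""
    f = rec["fields"]
    return f.get("DST") == "255.255.255.255" or f.get("MAC", "").startswith("ff:ff:ff:ff:ff:ff")


def classify(rec):
    """Name the traffic for the patterns that matter here; DHCP is UDP 67/68."""
    f, flags = rec["fields"], rec["flags"]
    proto, spt, dpt = f.get("PROTO"), f.get("SPT"), f.get("DPT")
    if proto == "UDP" and spt == "67" and dpt == "68":
        return "dhcp-server-to-client"  # OFFER/ACK from a DHCP server
    if proto == "UDP" and spt == "68" and dpt == "67":
        return "dhcp-client-to-server"  # DISCOVER/REQUEST from a client
    if proto == "TCP" and "SYN" in flags and "ACK" not in flags:
        return "tcp-syn"
    return "other"


def summarize(log_text):
    """Count lines per (prefix, interface, class, proto, spt, dpt), noisiest
    first; this is what you want to see before deciding what to allow or
    rate-limit in the firewall config."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_log_line(line)
        if rec is None:
            continue
        f = rec["fields"]
        key = (rec["prefix"], f.get("IN"), classify(rec), f.get("PROTO"), f.get("SPT"), f.get("DPT"))
        counts[key] += 1
    return counts.most_common()


if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG):
        print(n, *key)
```

Run it against a real iptables.log instead of SAMPLE_LOG and the top entry tells you which rule is filling the file; for the thread's log the answer is the DHCP broadcast from 77.236.14.254, which is exactly the traffic `client dhcp accept` stops logging.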
Thanks cactus!!!
Your solution works. However, I'm a little confused because my firehol.conf contained
client all accept
and now I just add:
client all accept
client dhcp accept
So "all" means "every client except dhcp"?
ahh. if you have client all accept, then you shouldn't need to explicitly list client dhcp accept.
*head scratching*
Last edited by cactus (2009-06-14 23:02:23)
I was thinking the same way as you, but it appears that dhcp should be added explicitly. Without "client dhcp accept" I'm still bombarded with these log messages.
good to know.