#1 2009-06-14 17:33:38

corion
Member
Registered: 2008-09-13
Posts: 36
iptables: deluge of log messages

Hi! I've installed firehol and set up a very simple firewall. A few days later I found that my log directory is very big, especially iptables.log. In this file, similar messages are logged every 10 seconds, like this:

Jun 14 19:25:36 laptop kernel: ''IN-home':'IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:19:a9:6b:5c:01:08:00 SRC=77.236.14.254 DST=255.255.255.255 LEN=296 TOS=0x00 PREC=0x00 TTL=255 ID=46931 PROTO=UDP SPT=67 DPT=68 LEN=276

The rest are almost the same; they differ only by time and ID numbers. Because I'm new to iptables, could anyone tell me what these messages mean, and how I can fix my firewall to stop receiving them?

Offline

#2 2009-06-14 18:59:48

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,622
Re: iptables: deluge of log messages

http://firehol.sourceforge.net/trouble.html

...

So basically, if you look at the destination ip (broadcast), the source port (67) and the destination port (68), and you know that it is UDP traffic, you can discern that it is DHCP traffic being filtered (some other host doing dhcp).

Make sure you allow dhcp in your firehol config (client dhcp) for the machine itself, if it is required.

to reduce logging verbosity, use log limiting.
http://firehol.sourceforge.net/commands … _FREQUENCY


"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍

Offline
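
The test described in post #2 (UDP, source port 67, destination port 68, broadcast destination) applied to iptables LOG lines, as an added example that is not part of the original thread. The function names are hypothetical; the first sample line is the entry quoted in post #1 and the other two are constructed.

```python
import re
from collections import Counter

# Line 1 is the entry quoted in post #1; lines 2-3 are constructed samples.
SAMPLE_LOG = """\
Jun 14 19:25:36 laptop kernel: ''IN-home':'IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:19:a9:6b:5c:01:08:00 SRC=77.236.14.254 DST=255.255.255.255 LEN=296 TOS=0x00 PREC=0x00 TTL=255 ID=46931 PROTO=UDP SPT=67 DPT=68 LEN=276
Jun 14 19:25:46 laptop kernel: ''IN-home':'IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:19:a9:6b:5c:01:08:00 SRC=77.236.14.254 DST=255.255.255.255 LEN=296 TOS=0x00 PREC=0x00 TTL=255 ID=46932 PROTO=UDP SPT=67 DPT=68 LEN=276
Jun 14 19:26:02 laptop kernel: ''IN-home':'IN=eth0 OUT= MAC=00:11:22:33:44:55:00:19:a9:6b:5c:01:08:00 SRC=192.0.2.10 DST=192.0.2.20 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1234 DF PROTO=TCP SPT=40000 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse(line):
    """Return the KEY=value fields of one iptables LOG line as a dict."""
    fields = {}
    for key, value in FIELD.findall(line):
        # LEN appears twice for UDP: IP total length first, then UDP length.
        if key == "LEN" and "LEN" in fields:
            key = "UDPLEN"
        fields.setdefault(key, value)
    return fields

def classify(f):
    """Label a parsed entry: DHCP is UDP between ports 67 (server) and 68 (client)."""
    if f.get("PROTO") == "UDP":
        ports = (f.get("SPT"), f.get("DPT"))
        if ports == ("67", "68"):
            return "dhcp server->client"
        if ports == ("68", "67"):
            return "dhcp client->server"
    return "other"

def summarize(text):
    """Count log entries per (label, source IP, destination IP)."""
    counts = Counter()
    for line in text.splitlines():
        f = parse(line)
        if "SRC" in f:  # skip lines that are not packet log entries
            counts[(classify(f), f["SRC"], f["DST"])] += 1
    return counts

if __name__ == "__main__":
    for (label, src, dst), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {label:20s} {src} -> {dst}")
```

Running it over a real iptables.log shows which flows dominate the file, which helps decide what to allow explicitly and what to rate-limit in the log.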

#3 2009-06-14 22:39:33

corion
Member
Registered: 2008-09-13
Posts: 36
Re: iptables: deluge of log messages

Thanks cactus!!!

Your solution works. However, I'm a little confused because my firehol.conf contained

client all accept

and now I have just added:

client all accept
client dhcp accept

So "all" means "every client except dhcp"?

Offline

#4 2009-06-14 23:01:50

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,622
Re: iptables: deluge of log messages

ahh. if you have client all accept, then you shouldn't need to explicitly list client dhcp accept.
*head scratching*

Last edited by cactus (2009-06-14 23:02:23)



Offline

#5 2009-06-15 19:36:11

corion
Member
Registered: 2008-09-13
Posts: 36
Re: iptables: deluge of log messages

I was thinking the same way as you, but it appears that dhcp should be added explicitly. Without "client dhcp accept" I'm still bombarded with these log messages.

Offline

#6 2009-06-15 20:35:09

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,622
Re: iptables: deluge of log messages

good to know.



Offline
