Hi to all,
I'd like to cut some log in /var/log/messages, as of netbios and ping entries.
There are some particular rules in shorewall 1.4.5?
I've tried with "run_iptables -A common -p udp --sport 138 -mstate --state NEW -j DROP" but it continues to send to log every netbios attempt.
Also I don't want to disable ping from loc to net, and from fw to net.
Thanks for every advice.

On Fri, 2003-07-04 at 11:29, linux.engineer@yarix.com wrote:
> Hi to all,
> I'd like to cut some log in /var/log/messages, as of netbios and ping
> entries.
> There are some particular rules in shorewall 1.4.5?
> I've tried with "run_iptables -A common -p udp --sport 138 -mstate --state
> NEW -j DROP" but it continues to send to log every netbios attempt.
> Also I don't want to disable ping from loc to net, and from fw to net.
>

Please post:

a) sample log messages
b) your /etc/shorewall/interfaces file.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net

On Sat, 2003-07-05 at 00:49, linux.engineer@yarix.com wrote:
> Here you are:
>
> a) sample log messages
> Jul 5 09:30:23 fvr05 kernel: Shorewall:logdrop:DROP:IN=eth1 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:00:e2:8f:c8:82:08:00 SRC=10.0.1.5
> DST=10.0.255.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=5341 PROTO=UDP
> SPT=137 DPT=137 LEN=58
>
> Jul 5 09:34:17 fvr05 kernel: Shorewall:logdrop:DROP:IN=eth1 OUT=
> MAC=00:10:5a:f0:12:17:00:0c:6e:0d:98:f3:08:00 SRC=10.0.0.15
> DST=10.0.0.8 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=3600 PROTO=ICMP
> TYPE=8 CODE=0 ID=512 SEQ=1280
>
> Jul 5 09:34:18 fvr05 kernel: Shorewall:logdrop:DROP:IN=eth1 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:00:39:98:f1:f6:08:00 SRC=10.0.0.12
> DST=10.255.255.255 LEN=255 TOS=0x00 PREC=0x00 TTL=128 ID=56487
> PROTO=UDP SPT=138 DPT=138 LEN=235
>
> My logs are full of the entries above.
>
> > b) your /etc/shorewall/interfaces file.
>
> loc eth0 172.20.255.255
> net eth1 10.0.255.255 norfc1918,routefilter
>
>
> Thanks for your help.

Change your /etc/shorewall/rfc1918 to not log packets from 10.0.0.0/8.

In the future when you have questions about why things are getting logged, please check FAQ #17.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net
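
An added example, not part of the thread and not Shorewall code: a small Python triage of the three log lines quoted above (unwrapped and embedded as sample input), showing that every entry was logged by the `logdrop` chain on eth1 for a 10.0.0.0/8 source, which is the traffic the suggested rfc1918 change covers. The function names and the `norfc1918_ifaces` parameter are hypothetical, and the `OUT=` field in the sample assumes the usual netfilter log layout.

```python
import ipaddress
import re
from collections import Counter

# Sample input: the log lines quoted in the thread, joined back onto one line each.
SAMPLE_LOG = """\
Jul 5 09:30:23 fvr05 kernel: Shorewall:logdrop:DROP:IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:00:e2:8f:c8:82:08:00 SRC=10.0.1.5 DST=10.0.255.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=5341 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 5 09:34:17 fvr05 kernel: Shorewall:logdrop:DROP:IN=eth1 OUT= MAC=00:10:5a:f0:12:17:00:0c:6e:0d:98:f3:08:00 SRC=10.0.0.15 DST=10.0.0.8 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=3600 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=1280
Jul 5 09:34:18 fvr05 kernel: Shorewall:logdrop:DROP:IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:00:39:98:f1:f6:08:00 SRC=10.0.0.12 DST=10.255.255.255 LEN=255 TOS=0x00 PREC=0x00 TTL=128 ID=56487 PROTO=UDP SPT=138 DPT=138 LEN=235
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Log prefix as it appears in the thread: Shorewall:<chain>:<disposition>:
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disp>[^:]+):(?P<rest>.*)")


def parse_line(line):
    """Return the prefix and KEY=VALUE fields of one log line, or None."""
    m = PREFIX.search(line)
    if not m:
        return None
    fields = {"chain": m["chain"], "disposition": m["disp"]}
    for token in m["rest"].split():
        key, sep, value = token.partition("=")
        if sep and key not in fields:  # keep the IP-header LEN/ID, not the later repeat
            fields[key] = value
    return fields


def summarize(log_text, norfc1918_ifaces):
    """Count entries by (chain, in-iface, proto, dport or ICMP type, cause)."""
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None or "SRC" not in f:
            continue
        src = ipaddress.ip_address(f["SRC"])
        private = any(src in net for net in RFC1918)
        hit = private and f.get("IN") in norfc1918_ifaces
        cause = "rfc1918-source" if hit else "other"
        what = f.get("DPT", f.get("TYPE"))
        counts[(f["chain"], f.get("IN"), f.get("PROTO"), what, cause)] += 1
    return counts


if __name__ == "__main__":
    # eth1 is the interface carrying norfc1918 in the posted interfaces file.
    for key, n in summarize(SAMPLE_LOG, {"eth1"}).items():
        print(n, key)
```
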