thr3ads.net - Shorewall users - [Shorewall-users] How to exclude some ports from logging scheme? [Sep 2002]

If this information is useful, please help other people find it:
Share via:

Ulf Kohlmorgen

2002-Sep-21 20:10 UTC

[Shorewall-users] How to exclude some ports from logging scheme?

Hello,

I use this directive in my policy file:
net             all             DROP            info

I get a lot of entries in my syslog file (apparently
through edonkey clients?) like this:

Sep 21 22:06:29 debian kernel: Shorewall:net2all:DROP:IN=ppp0
 OUT= MAC= SRC=217.127.164.189 DST=217.81.34.208 LEN=46 TOS=0x00
 PREC=0x00 TTL=113 ID=52473 PROTO=UDP SPT=1074 DPT=4665 LEN=26


Is it possible to exclude the logging of those destination
ports through shorewall? Any hints?

Tia,
Ulf

Stefan Frank

2002-Sep-22 09:46 UTC

head link

[Shorewall-users] Re: How to exclude some ports from logging scheme?

Hi Ulf,

put the following lines into the rules file:

# drop P2P filesharing packets without logging
# 1214 TCP - FastTrack/Kazaa, 1234 TCP - HotLine,
# 4661,4662 TCP - eDonkey, 5501 TCP - HotLine
# 6346,6347 TCP - Gnutella, 6699 TCP - WinMX
# 1214 UDP - Kazaa
DROP  net             $FW             tcp     1214,1234,4661,4662
DROP  net             $FW             tcp     5501,6346,6347,6699
DROP  net             $FW             udp     1214,4665:4668


HtH, Stefan

-- 
It does me no injury for my neighbor to say there are twenty gods or no God.
It neither picks my pocket nor breaks my leg.

                                   -- Thomas Jefferson

Shorewall users - Sep 2002 - How to exclude some ports from logging scheme?

[Shorewall-users] How to exclude some ports from logging scheme?

[Shorewall-users] Re: How to exclude some ports from logging scheme?