RE: [pmfirewall] How to log selectively?

From: Alexander Volovics (awol@xs4all.nl)
Date: Mon Jul 17 2000 - 02:16:08 PDT

• Next message: Don Cohen: "RE: [pmfirewall] How to log selectively?"
• Previous message: Alexander Volovics: "RE: [pmfirewall] How to log selectively?"
• In reply to: James Nessen: "RE: [pmfirewall] How to log selectively?"
• Next in thread: Don Cohen: "RE: [pmfirewall] How to log selectively?"
• Reply: Don Cohen: "RE: [pmfirewall] How to log selectively?"

On 16-Jul-2000 James Nessen wrote:

> Try:
>
> $IPCHAINS -a input -p udp -s $REMOTENET -d $REMOTENET 2301 -j REJECT
>
> Put this at the bottom of your pmfirewall.rules.local file and restart it

Thanks for the suggestion. This is the easy solution yes, but I would
prefer to keep using DENY.

There must be some way of instructing ipchains to "log A but do not log B"
(Without writing a complex set or rules that treats every possible
 type of package seperately by source)

Alexander

> -----Original Message-----
> From: owner-pmfirewall@pointman.org
> [mailto:owner-pmfirewall@pointman.org]On Behalf Of Alexander Volovics
> Sent: Sunday, July 16, 2000 6:50 AM
> To: pmfirewall@pointman.org
> Subject: [pmfirewall] How to log selectively?
>
>
> Can anybody explain how I can log `DENY items' selectively?
> (or rather how I can exlude -some- of the DENY items from
> being logged).
>
> I am connected to the internet via the cable provider @home.
> On my segment of the @home network the other user's machines
> seem to be constantly broadcasting, for example:
>
> Jul 16 15:26:29 for kernel: Packet log: input DENY eth1 PROTO=17
> 212.204.158.219:2301 255.255.255.255:2301 L=40 S=0x00 I=32512 F=0x0000
> T=128
> (#36)
> Jul 16 15:26:52 for kernel: Packet log: input DENY eth1 PROTO=17
> 212.204.158.233:2301 255.255.255.255:2301 L=40 S=0x00 I=27693 F=0x0000
> T=128
> (#36)
>
> As this happens every minute for each machine my /var/log/messages grows
> exponentially.
> I would like to exlude these entries from the log. But ONLY these entries
> (i.e. "-p udp -s $OUTERNET -d 255.255.255.255 2301", so removing the `-l'
> parameter from "$IPCHAINS -A input -j DENY -l" is not an option!)
>
> I see no short and elegant way of doing this with the standard pmfirewall.
>
> Can somebody please help.
>
> Alexander

**********************************************************************
> * To UNSUBSCRIBE from the list, send a message with "unsubscribe pmfirewall"
> * in the message body to majordomo@pointman.org. Please direct other
> * questions, comments, or problems to pmfirewall-owner@pointman.org.
> *
> * Need answers fast? Check the list archive located at:
> * http://www.pointman.org/PMFirewall/list-archive/
> *

****************************************************************************
* To UNSUBSCRIBE from the list, send a message with "unsubscribe pmfirewall"
* in the message body to majordomo@pointman.org. Please direct other
* questions, comments, or problems to pmfirewall-owner@pointman.org.
*
* Need answers fast? Check the list archive located at:
* http://www.pointman.org/PMFirewall/list-archive/
*

• Next message: Don Cohen: "RE: [pmfirewall] How to log selectively?"
• Previous message: Alexander Volovics: "RE: [pmfirewall] How to log selectively?"
• In reply to: James Nessen: "RE: [pmfirewall] How to log selectively?"
• Next in thread: Don Cohen: "RE: [pmfirewall] How to log selectively?"
• Reply: Don Cohen: "RE: [pmfirewall] How to log selectively?"

This archive was generated by hypermail 2b29 : Sun Jun 10 2001 - 02:35:25 PDT