From owner-freebsd-questions Wed Jul 29 17:09:49 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id RAA08732 for freebsd-questions-outgoing; Wed, 29 Jul 1998 17:09:49 -0700 (PDT) (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from resnet.uoregon.edu (resnet.uoregon.edu [128.223.144.32]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id RAA08686 for ; Wed, 29 Jul 1998 17:09:36 -0700 (PDT) (envelope-from dwhite@resnet.uoregon.edu)
Received: from localhost (dwhite@localhost) by resnet.uoregon.edu (8.8.5/8.8.8) with SMTP id QAA23955; Wed, 29 Jul 1998 16:36:18 -0700 (PDT) (envelope-from dwhite@resnet.uoregon.edu)
Date: Wed, 29 Jul 1998 16:36:17 -0700 (PDT)
From: Doug White
To: Andrew Stone
cc: freebsd-questions@FreeBSD.ORG
Subject: Re: sysctl -w net.inet.udp.log_in_vain=1 causes spurious messages
In-Reply-To: <199807292015.OAA00513@floyd.stone.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wed, 29 Jul 1998, Andrew Stone wrote:

> (I'm not on this mailing list, so please reply to me, and I'll summarize, thanks!)
>
> While beefing up the security of our FreeBSD gateway, I call these sysctls from rc.local:
>
>     sysctl -w net.inet.tcp.log_in_vain=1
>     sysctl -w net.inet.udp.log_in_vain=1
>     sysctl -w kern.securelevel=2
>
> The kernel logs messages like the following, which, since it's from the gateway to the gateway, make no sense and just add noise:
> (note 53 is the DNS port, which we allow with ipfw, but these are being logged by the kernel; the IP address is the local gateway IP address)
>
>     Connection attempt to UDP 198.111.108.100:1027 from 198.111.108.100:53
>     Connection attempt to UDP 198.111.108.100:1029 from 198.111.108.100:53
>     Connection attempt to UDP 198.111.108.100:1031 from 198.111.108.100:53
>     Connection attempt to UDP 198.111.108.100:1114 from 198.111.108.100:53
>
> Any way to stop these?

I looked online but found nothing. The log_in_vain sysctls are a debugging mechanism, I thought. If you want packet logging then use ipfw's logging mechanisms.

Doug White                            | University of Oregon
Internet:  dwhite@resnet.uoregon.edu  | Residence Networking Assistant
http://gladstone.uoregon.edu/~dwhite  | Computer Science Major

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
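As an added example (not code from the thread, from Andrew's rc.local, or from FreeBSD itself), here is a small sh/awk filter for the situation Andrew describes: it drops only those log_in_vain kernel messages whose source host is the same as the destination host, i.e. the gateway-to-gateway lines he quotes, and passes every other line through unchanged. The message layout is taken from the quoted lines ("Connection attempt to PROTO dst:port from src:port"). The syslog prefix, the hostname "gw", the remote probe addresses and the ipfw line in the sample input are constructed for the example and are not from the thread.

```shell
#!/bin/sh
# Added example: suppress log_in_vain chatter where the gateway is talking to itself.
# Message format (from the lines quoted in the thread):
#   Connection attempt to <PROTO> <dst-ip>:<dst-port> from <src-ip>:<src-port>

# Constructed sample syslog lines. The first two mirror the thread; the remote probes
# and the ipfw line are made up so the pass-through behaviour is visible.
SAMPLE_LOG='Jul 29 16:00:01 gw /kernel: Connection attempt to UDP 198.111.108.100:1027 from 198.111.108.100:53
Jul 29 16:00:02 gw /kernel: Connection attempt to UDP 198.111.108.100:1029 from 198.111.108.100:53
Jul 29 16:00:03 gw /kernel: Connection attempt to TCP 198.111.108.100:23 from 10.9.9.9:31337
Jul 29 16:00:04 gw /kernel: Connection attempt to UDP 198.111.108.100:111 from 10.1.2.3:4444
Jul 29 16:00:05 gw /kernel: ipfw: 65000 Deny UDP 10.1.2.3:4444 198.111.108.100:111 in via ed0'

# Read syslog text on stdin; drop log_in_vain lines whose src host == dst host.
# Anything that is not a log_in_vain message is printed untouched.
filter_self_traffic() {
    awk '{
        i = index($0, "Connection attempt to ")
        if (i == 0) { print; next }            # not a log_in_vain line: pass through
        split(substr($0, i), f, " ")           # f[5] = dst host:port, f[7] = src host:port
        split(f[5], dst, ":"); split(f[7], src, ":")
        if (dst[1] != src[1]) print            # keep only attempts from some other host
    }'
}

# Number of sample lines that survive the filter.
surviving_count() {
    printf '%s\n' "$SAMPLE_LOG" | filter_self_traffic | wc -l | tr -d ' '
}

# Number of surviving lines that are still gateway-to-gateway attempts (expected: none).
self_count() {
    printf '%s\n' "$SAMPLE_LOG" | filter_self_traffic \
        | grep -c 'Connection attempt to [A-Z]* 198\.111\.108\.100:[0-9]* from 198\.111\.108\.100:' || true
}

# Run it over the constructed sample when executed directly.
printf '%s\n' "$SAMPLE_LOG" | filter_self_traffic
```

In practice this would sit in front of whatever reads /var/log/messages (for example `tail -f /var/log/messages | filter_self_traffic`). Two caveats: the kernel still generates the messages, so this only cleans up what an operator sees, and a packet arriving from outside with the gateway's own address forged as its source would be hidden by the same rule. If that matters, Doug's suggestion is the better tool: log with ipfw rules carrying the `log` keyword, where the rule can be restricted to the interface and direction the packet came in on.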