From: Christopher Cowart
To: Paul Hoffman
Cc: freebsd-questions@FreeBSD.ORG
Date: Thu, 27 Mar 2008 10:14:41 -0700
Subject: Re: Suppressing "Limiting icmp unreach response" log messages
Message-ID: <20080327171441.GF53767@hal.rescomp.berkeley.edu>
Organization: RSSP-IT, UC Berkeley

Paul Hoffman wrote:
> How can I eliminate the "Limiting icmp unreach response" messages from
> getting to /var/log/messages or to the console? I have a spate of them that
> is causing log rollovers. I think I know the source of the problem, but
> need to get rid of the messages first.

The icmp unreach responses happen when someone sends a UDP packet to your
computer on a port with no running service (or at least, this is the most
likely explanation).

Some options:
* Set up a firewall to deny the inbound traffic
* Configure blackhole(4) to do the same

I wouldn't recommend attacking the problem from the point of view of just
making the log messages go away, but if you're comfortable with that, then
the other post recommending syslog-ng might work for you (though I'd
recommend configuring a pattern match on the message you want to discard
or re-route).

--
Chris Cowart
Network Technical Lead
Network & Infrastructure Services, RSSP-IT
UC Berkeley
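
An added example, not part of the original message: before choosing between a firewall rule and blackhole(4), it helps to measure how heavy the bursts are. This Python sketch summarizes the rate-limit lines per minute from a constructed log sample; the `from N to M packets/sec` wording, the host name `host1` and the function name `summarize` are assumptions.

```python
import re
from collections import defaultdict

# Assumed syslog layout: "Mon DD HH:MM:SS host <message>"
PREFIX = r"^(?P<minute>\w{3}\s+\d+\s+\d{2}:\d{2}):\d{2}\s+\S+\s+"
LIMIT_RE = re.compile(
    PREFIX + r"kernel:\s+Limiting icmp unreach response "
    r"from (?P<seen>\d+) to (?P<limit>\d+) packets/sec")
# syslogd collapses identical consecutive lines into this form.
REPEAT_RE = re.compile(PREFIX + r"last message repeated (?P<n>\d+) times")

# Constructed sample of /var/log/messages (not taken from the thread).
SAMPLE_LOG = """\
Mar 27 09:58:01 host1 kernel: Limiting icmp unreach response from 231 to 200 packets/sec
Mar 27 09:58:02 host1 kernel: Limiting icmp unreach response from 412 to 200 packets/sec
Mar 27 09:58:05 host1 last message repeated 3 times
Mar 27 09:58:30 host1 sshd[812]: Accepted publickey for admin from 192.0.2.10 port 50022 ssh2
Mar 27 09:58:31 host1 last message repeated 2 times
Mar 27 09:59:10 host1 kernel: Limiting icmp unreach response from 205 to 200 packets/sec
"""

def summarize(log_text):
    """Per minute: rate-limit events, peak attempted rate, responses over the limit."""
    stats = defaultdict(lambda: {"events": 0, "peak": 0, "over_limit": 0})
    last = None  # (seen, limit) when the previous line was a rate-limit line
    for line in log_text.splitlines():
        hit = LIMIT_RE.match(line)
        rep = REPEAT_RE.match(line)
        if hit:
            last = (int(hit["seen"]), int(hit["limit"]))
            count, minute = 1, hit["minute"]
        elif rep and last:
            # A repeat only counts if it directly follows a rate-limit line.
            count, minute = int(rep["n"]), rep["minute"]
        else:
            last = None  # unrelated line, or a repeat of something else
            continue
        seen, limit = last
        entry = stats[minute]
        entry["events"] += count
        entry["peak"] = max(entry["peak"], seen)
        entry["over_limit"] += count * (seen - limit)
    return dict(stats)

if __name__ == "__main__":
    for minute, entry in summarize(SAMPLE_LOG).items():
        print(minute, entry)
```

A sustained high peak suggests a scan or flood of closed UDP ports, which is the case where blocking the inbound traffic addresses the cause rather than the log noise.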