Date: Sat, 14 Dec 2002 15:23:32 +0200
From: Giorgos Keramidas
To: Jens Rehsack
Cc: Erwan Breton, freebsd-questions@FreeBSD.ORG
Subject: Re: Kernel log messages
Message-ID: <20021214132332.GA35991@gothmog.gr>

On 2002-12-14 13:28, Jens Rehsack wrote:
> Erwan Breton wrote:
> >Hi,
> >
> >Since I have activated the firewall on my box, I have many kernel
> >log messages in my security check output every night. The problem
> >is, I don't see interesting messages like bad login anymore.
> >
> >athena kernel log messages:
> >
> >>ipfw: 600 Deny TCP 80.14.195.215:3795 10.255.255.250:4661 out via tun0
> >>ipfw: 800 Deny TCP 80.14.195.215:3801 192.168.10.210:4661 out via tun0
> >>ipfw: 800 Deny TCP 80.14.195.215:3810 192.168.1.77:4661 out via tun0
> >>ipfw: 1600 Deny ICMP:3.3 192.168.1.2 80.14.195.215 in via tun0
> >>ipfw: 4000 Deny TCP 80.105.241.117:62104 80.14.195.215:139 in via tun0
> >>ipfw: 700 Deny TCP 80.14.195.215:4198 172.16.1.50:4661 out via tun0
> >>Etc .. etc .. etc ...
>
> It seems you use rules which lock the blocked packets. If you send
> your firewall config, I can tell you which rules do that.
>
> Moved to questions@freebsd.org, because it's not a security related
> question but a config related one.

Actually the rule numbers are listed above too. Rules 600, 700, 800,
1600 and 4000 are the ones that log denied packets. Deleting the 'log'
keyword from those rules will make sure that logs are kept a bit more
clean.
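
To see which rules account for the log volume before removing 'log' from any of them, the lines can be tallied by rule number. The script below is an added example, not part of the original message; the function names `ipfw_log_summary` and `sample_log` are hypothetical, and the sample lines are constructed in the format quoted above, using documentation addresses.

```shell
#!/bin/sh
# Count ipfw log lines per rule number, action, direction and interface,
# so the noisiest logging rules are listed first.

ipfw_log_summary() {
    awk '
    {
        # Locate the "ipfw:" tag; syslog may put a timestamp and host first.
        for (i = 1; i <= NF; i++) if ($i == "ipfw:") break
        if (i > NF) next                      # not an ipfw line
        rule = $(i + 1); action = $(i + 2)
        if (rule !~ /^[0-9]+$/) next          # malformed or truncated line
        # The direction (in/out) precedes "via", the interface follows it.
        dir = "?"; ifc = "?"
        for (j = i + 3; j <= NF; j++)
            if ($j == "via") { dir = $(j - 1); ifc = $(j + 1) }
        count[rule " " action " " dir " " ifc]++
    }
    END { for (k in count) print count[k], k }
    ' "$@" | sort -k1,1nr -k2,2n
}

# Constructed sample input (not real traffic), same layout as the quoted log.
sample_log() {
    cat <<'EOF'
ipfw: 600 Deny TCP 192.0.2.10:3795 10.255.255.250:4661 out via tun0
ipfw: 800 Deny TCP 192.0.2.10:3801 192.168.10.210:4661 out via tun0
ipfw: 800 Deny TCP 192.0.2.10:3810 192.168.1.77:4661 out via tun0
ipfw: 1600 Deny ICMP:3.3 192.168.1.2 192.0.2.10 in via tun0
ipfw: 4000 Deny TCP 198.51.100.7:62104 192.0.2.10:139 in via tun0
Dec 14 03:01:12 athena /kernel: ipfw: 700 Deny TCP 192.0.2.10:4198 172.16.1.50:4661 out via tun0
Dec 14 03:01:13 athena login: 2 LOGIN FAILURES ON ttyv0
EOF
}

# Columns: count, rule number, action, direction, interface.
sample_log | ipfw_log_summary
```

The function also accepts file names as arguments, so it can be pointed at a saved copy of the security check output. Inbound denies such as rules 1600 and 4000 may be worth keeping logged, while the outbound ones are the likelier candidates for dropping 'log'.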