Date: Sat, 14 Dec 2002 16:04:34 +0100 From: Erwan Breton <breton@cri.ensmp.fr> To: freebsd-questions@freebsd.org Subject: Re: Kernel log messages Message-ID: <200212141604.34200.breton@cri.ensmp.fr> In-Reply-To: <20021214132332.GA35991@gothmog.gr> References: <200212141214.42931.breton@cri.ensmp.fr> <3DFB23FA.60803@liwing.de> <20021214132332.GA35991@gothmog.gr>
next in thread | previous in thread | raw e-mail | index | archive | help
On Saturday 14 December 2002 14:23, Giorgos Keramidas wrote: > On 2002-12-14 13:28, Jens Rehsack <rehsack@liwing.de> wrote: > > Erwan Breton wrote: > > >Hi, > > > > > >Since i have activate the firewall on my Box, I have many kernel > > >log messages in my security check output every night. the problem > > >is, i don't see anymore interessant messages like bad login. > > > > > >athena kernel log messages: > > >>ipfw: 600 Deny TCP 80.14.195.215:3795 10.255.255.250:4661 out via t= un0 > > >>ipfw: 800 Deny TCP 80.14.195.215:3801 192.168.10.210:4661 out via t= un0 > > >>ipfw: 800 Deny TCP 80.14.195.215:3810 192.168.1.77:4661 out via tun= 0 > > >>ipfw: 1600 Deny ICMP:3.3 192.168.1.2 80.14.195.215 in via tun0 > > >>ipfw: 4000 Deny TCP 80.105.241.117:62104 80.14.195.215:139 in via t= un0 > > >>ipfw: 700 Deny TCP 80.14.195.215:4198 172.16.1.50:4661 out via tun0 > > >>Etc .. etc .. etc ... > > > > It seems you use rules which locks the blocked packets. If you sent > > your firewall config, I can say you which rules do that. > > > > Moved to questions@freebsd.org, cause it's not a security related > > question but a config related one. > > Actually the rule numbers are listed above too. Rules 600, 700, 800, > 1600 and 4000 are the ones that log denied packets. Deleting the > 'log' keyword from those rules will make sure that logs are kept a bit > more clean. humm, it's an idea but no way to log ipfw messages AND have only kernel=20 messages in security check output ? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200212141604.34200.breton>