On Mon, 2007-01-08 at 22:52 +0100, Gerard Robin wrote: > Hello, > I have a script which contains iptables's commands and which works fine > as firewall, but I encounter a problem with the log: > > in /var/log/kern.log I get a tone of lines of this type: > > Jan 8 18:25:25 nameofmybox kernel: Inbound IN=eth0 OUT= > MAC=00:e:4c:8:3:1:00:07:cb:31:9c:71:08:00 SRC= A.B.C.D DST=E.F.G.H LEN=64 > TOS=0x00 PREC=0x00 TTL=41 ID=57486 DF PROTO=TCP SPT=3910 DPT=445 WINDOW=53760 > RES=0x00 SYN URGP=16 > > ( A.B.C.D and E.F.G.H are some addresses ... ) > > When I am in command line these lines are displayed continously and it is > impossible to work. (the problem doesn't happen on xwindow on an xterm ) > > The problem stops if I comment four lines of the script. > the four lines: > > # iptables -A LSI -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit > --limit 1/sec -j LOG --log-prefix "Inbound " --log-level 6 > > # iptables -A LSI -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit > --limit 1/sec -j LOG --log-prefix "Inbound " --log-level 6 > > # iptables -A LSI -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j LOG > --log-prefix "Inbound " --log-level 6 > > # iptables -A LSI -m limit --limit 5/sec -j LOG --log-prefix "Inbound " > --log-level 6 > > ( LSI is a chain created by a user) > however, I think that these lines give interesting informations and I > would like to know how to keep them, but without that my file kern.log > grows inordinately. > > Thank in advance to help me to change this four lines . > > My system is simple: > one box > one modem "freebox" it's the modem provided by my ISP free.fr > one ethernet network card > ifconfig gives : eth0, lo, sit0 > uname -r : 2.6.18-3-486 >
you could keep the rules and do: # dmesg -n 1 in order to prevent the output from being printed to the terminal (man dmesg). -davidc -- gpg-key: http://www.zettazebra.com/files/key.gpg
signature.asc
Description: This is a digitally signed message part
