On 2002-12-14 16:04, Erwan Breton <[EMAIL PROTECTED]> wrote:
> On Saturday 14 December 2002 14:23, Giorgos Keramidas wrote:
> > On 2002-12-14 13:28, Jens Rehsack <[EMAIL PROTECTED]> wrote:
> > > Erwan Breton wrote:
> > > > >Since I have activated the firewall on my box, I have many kernel
> > > > >log messages in my security check output every night. The problem
> > > > >is, I don't see interesting messages like bad login anymore.
> > > >
> > > >athena kernel log messages:
> > > >>ipfw: 600 Deny TCP 80.14.195.215:3795 10.255.255.250:4661 out via tun0
> > > >>ipfw: 800 Deny TCP 80.14.195.215:3801 192.168.10.210:4661 out via tun0
> > > >>ipfw: 800 Deny TCP 80.14.195.215:3810 192.168.1.77:4661 out via tun0
> > > >>ipfw: 1600 Deny ICMP:3.3 192.168.1.2 80.14.195.215 in via tun0
> > > >>ipfw: 4000 Deny TCP 80.105.241.117:62104 80.14.195.215:139 in via tun0
> > > >>ipfw: 700 Deny TCP 80.14.195.215:4198 172.16.1.50:4661 out via tun0
> > > >>Etc .. etc .. etc ...
> > >
> > > It seems you use rules which locks the blocked packets. If you send
> > > your firewall config, I can tell you which rules do that.
> >
> > Actually the rule numbers are listed above too.  Rules 600, 700, 800,
> > 1600 and 4000 are the ones that log denied packets.  Deleting the
> > 'log' keyword from those rules will make sure that logs are kept a bit
> > more clean.
>
> Hmm, it's an idea, but is there no way to log ipfw messages AND have only
> kernel messages in the security check output?

Can you try the following patch to /etc/periodic/security?

%%%
diff -u security.functions.orig -r1.2 security.functions
--- security.functions.orig     16 Nov 2002 14:58:39 -0000
+++ security.functions  14 Dec 2002 20:00:41 -0000
@@ -44,6 +44,9 @@
   if [ "$1" = "new_only" ]; then
     shift
     filter="grep '^>'"
+    if [ "$2" = "dmesg" ]; then
+      filter="${filter} | grep -v 'ipfw:'"
+    fi
   else
     filter="cat"
   fi
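Review bot: the added test `[ "$2" = "dmesg" ]` sits after `shift`, so `$2` here is the caller's original third argument, not the second; please confirm that this is the argument carrying the label, or save it in a named variable before the shift. Two further points on the same added lines: `filter="${filter} | grep -v 'ipfw:'"` only works if the filter string is later run through eval (a plain `$filter` expansion would hand `|` to grep as a file operand), and it drops every line containing `ipfw:` from the nightly report unconditionally. Since these are denied-packet records, I would put the exclusion behind a setting that defaults to off and anchor the pattern to the start of the message, so that an unrelated kernel line that merely mentions ipfw is still reported.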
%%%
