On Wednesday 15 June 2005 04:13 pm, Jan C. Nordholz wrote:
> Hi!
>
> > I'm trying to rid myself of annoying iptables messages that are clogging
> > up the console and dmesg. To my firewall script I've added:
>
> Well, dmesg just reads the kernel's debugging ringbuffer, where _every_
> printk() the kernel issues is recorded. You can't keep messages from
> appearing there, you can just prevent that they travel any further. :-)
>
> > echo 0 > /proc/sys/net/ipv4/netfilter/ip_conntrack_log_invalid
>
> Hm, didn't even know that toggle - however, it already is 0 here, so I
> guess that's the default...
>
> > And to sysklogd:
> >
> > KLOGD="-c 4"
>
> This will keep iptables log messages (which default to log-level warning,
> i.e. 4, but see the --log-level option in the manpage) from appearing on
> the console. However, those messages are still forwarded to the syslog
> facility, unless you've told klogd to behave differently (see the -f
> switch).
>
> What sysklogd then does with them is dictated by /etc/syslog.conf(5) -
> incoming messages from klogd are given facility "kernel" (as you might
> have guessed ;-) ), and the priority given by the kernel is just passed
> through.
>
> > The console messages seem to be gone, but dmesg is still clogged with
> > iptables junk.
>
> You can't change that. I'd suggest you use another source of information:
> by customizing syslog.conf you should be able to extract every possible
> subset of logging messages pretty comfortably.
>
>
> HTH,
>
> Jan

Thanks for the reply, Jan. Actually, I guess I posted too early. Hot-keying to
my server (via a KVM) revealed:

New not syn:IN=eth1 OUT= MAC=00:30:1b:3d:ed:0e:00:02:3b:01:dd:e1:08:00 SRC=64.14.56.90 DST=64.45.235.41 LEN=41 TOS=0x00 PREC=0x00 TTL=240 ID=21627 PROTO=TCP SPT=80 DPT=36366 WINDOW=64687 RES=0x00 ACK PSH URGP=0
IPT INPUT packet died: IN=eth1 OUT= MAC=00:30:1b:3d:ed:0e:00:02:3b:01:dd:e1:08:00 SRC=64.14.56.90 DST=64.45.235.41 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=10675 PROTO=TCP SPT=80 DPT=36366 WINDOW=9300 RES=0x00 RST URGP=0

Printed to the console. More googling ahead...

Jeff
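
The suggestion above to work from syslog output rather than dmesg, as an added example that is not part of either message: a small Python parser for the netfilter LOG lines quoted in the thread, grouping them by log prefix, source address and destination port. The function names, the grouping key and the assumed syslog header ending in "kernel: " are choices made for this example; the sample input is the two lines from the message above.

```python
import re
from collections import Counter

# The two LOG-target lines quoted in the thread, used as sample input.
SAMPLE = [
    "New not syn:IN=eth1 OUT= MAC=00:30:1b:3d:ed:0e:00:02:3b:01:dd:e1:08:00 "
    "SRC=64.14.56.90 DST=64.45.235.41 LEN=41 TOS=0x00 PREC=0x00 TTL=240 "
    "ID=21627 PROTO=TCP SPT=80 DPT=36366 WINDOW=64687 RES=0x00 ACK PSH URGP=0",
    "IPT INPUT packet died: IN=eth1 OUT= MAC=00:30:1b:3d:ed:0e:00:02:3b:01:dd:e1:08:00 "
    "SRC=64.14.56.90 DST=64.45.235.41 LEN=40 TOS=0x00 PREC=0x00 TTL=240 "
    "ID=10675 PROTO=TCP SPT=80 DPT=36366 WINDOW=9300 RES=0x00 RST URGP=0",
]

# The rule's --log-prefix is whatever precedes the first "IN=" field.
LINE_RE = re.compile(r"^(?P<prefix>.*?)\s*IN=(?P<rest>.*)$")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "ECE", "CWR"}

def parse_line(line):
    """Return a dict of LOG fields, or None if the line is not a LOG line."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    # Assumption: when read from a syslog file, the header ends in "kernel: ".
    prefix = m.group("prefix").split("kernel: ", 1)[-1].rstrip(": ")
    rec = {"prefix": prefix, "flags": []}
    for token in ("IN=" + m.group("rest")).split():
        if "=" in token:
            key, _, value = token.partition("=")
            rec[key] = value          # "OUT=" yields an empty string
        elif token in TCP_FLAGS:
            rec["flags"].append(token)  # bare words are TCP flags
    return rec

def summarize(lines):
    """Count LOG lines per (prefix, source address, destination port)."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            counts[(rec["prefix"], rec.get("SRC"), rec.get("DPT"))] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, key)
```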