I had the same problem. But one day it seemed to magically disappear. Some reasons why it may have gone away:

1) ran "service iptables save" to save firewall rules
2) up2date'd the system including new kernel
3) reboot after that (so that new kernel takes effect)

I suspect updating the kernel did the job, since I had commented out ANYTHING to console in syslog and it still wrote junk to the screen. BTW, I'm using RedHat 7.3 and I believe I'm already on the 2nd kernel update they released: 2.4.18-10

- Will

----- Original Message -----
From: "Tom Pollerman" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, September 10, 2002 10:51 AM
Subject: Re: Don't display firewall messages to screen

> On Mon, 09 Sep 2002 20:58:48 -0700
> Stephen Rasku <[EMAIL PROTECTED]> wrote:
>
> > On Saturday 07 September 2002 07:38 pm, Robert Canary wrote:
> > > try adding
> > > *.debug /var/log/debug.log
> >
> > I tried that. It logs the firewall messages (plus some other
> > things) to that file. But it still logs to /var/log/messages and it
> > still logs to the screen. I don't actually want it to log to any
> > additional places. I just want it to stop logging to the screen.
> >
> > > it is hard to tell which facility to capture, but since you have
> > > debugging turned on I am guessing it should be in the .debug sub
> > > facility.
> >
> > From this firewall message:
> > Sep 9 19:27:08 hostname kernel: Dropped: IN=eth0 OUT=
> > MAC=00:05:xx:xx:xx:xx:00:00:77:95:6e:c6:08:00 SRC=24.68.18.131
> > DST=xx.xx.xx.xx LEN=78 TOS=0x00 PREC=0x00 TTL=125 ID=5039 PROTO=UDP
> > SPT=137 DPT=137 LEN=58
> >
> > It appears that it is the kernel facility that is being logged.
> > This makes sense since it's a kernel module that does the filtering.
> >
> > From this portion of my "iptables -L" command
> >
> > LOG all -- anywhere anywhere LOG
> > level warning prefix `Dropped:
> >
> > it appears that it's logging with a priority of 'warning'. When I
> > wrote that I was "debugging" my firewall, I was trying to figure out
> > why it isn't working. For the time being, I am assuming it is
> > because of an incorrect firewall rule. I added a rule to display
> > every received packet so I can see what is being received and what
> > is being dropped. I didn't actually modify syslog.conf to log any
> > facilities at the debug level to do this.
> >
> > > You might want to try creating a log file local1 thru local7
> >
> > I don't think this will make any difference since the firewall rules
> > seem to be logging using the kernel facility.
> >
> > ...Stephen
> >
>
> I run ipchains, so am not up on the syntax or options for iptables.
> In syslog if you only specify a single priority in a selector
> (without modifiers) you're specifying THAT priority and all HIGHER
> priorities. Might it be that your 'LOG level warning' in the iptables
> rules is being interpreted as *.warn to syslog and, since it is a
> single priority, gets broadcast to everyone because of the line in
> /etc/syslog.conf :
> *.emerg *
>
> As a test, just to see if the screen messages disappear, you could
> comment out the above line and restart syslog. If they do, you might
> try changing the syntax in your iptable rule to read 'LOG
> level=warning'. The = limits the priority level to warning only -
> nothing higher.
>
> Best,
>
> Tom
>
>
> --
> redhat-list mailing list
> unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
> https://listman.redhat.com/mailman/listinfo/redhat-list
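The selector rules Tom spells out (a bare priority means that level and all more severe ones, `=` means exactly that level) decide which syslog.conf actions a kernel-facility message at LOG level warning reaches. The following is an added example, not code from the thread: it models the sysklogd selector semantics in Python and routes Stephen's "kernel: Dropped:" message through a constructed syslog.conf; the config file contents, the `/var/log/firewall.log` path and the function names are assumptions.

```python
# Added example, not from the thread: which /etc/syslog.conf actions does a
# message reach?  Models the sysklogd selector rules Tom describes.
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}

def rule_selects(selectors, facility, priority):
    """Apply one rule's selectors ('*.info;mail.none') left to right."""
    allowed = set()
    for sel in selectors.split(";"):
        facs, pri = sel.rsplit(".", 1)
        facs = facs.split(",")
        if facility not in facs and "*" not in facs:
            continue
        if pri == "none":  # drop this facility from the rule entirely
            allowed.clear()
            continue
        negate = pri.startswith("!")                # "!pri": exclude
        exact = pri.lstrip("!").startswith("=")     # "=pri": exactly pri
        pri = pri.lstrip("!=")
        if pri == "*":
            chosen = set(PRIORITIES)
        elif exact:
            chosen = {ALIASES.get(pri, pri)}
        else:  # bare priority: that level and every more severe one
            chosen = set(PRIORITIES[: PRIORITIES.index(ALIASES.get(pri, pri)) + 1])
        allowed = allowed - chosen if negate else allowed | chosen
    return priority in allowed

def route(config, facility, priority):
    """Return the actions (a file, or '*' = every logged-in user) whose rule selects the message."""
    actions = []
    for line in config.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selectors, action = line.split(None, 1)
        if rule_selects(selectors, facility, priority):
            actions.append(action.strip())
    return actions

# Constructed sample, modelled on a Red Hat 7.x default syslog.conf plus an
# assumed dedicated file for the firewall's warning-level LOG entries.
SYSLOG_CONF = """
*.info;mail.none;authpriv.none   /var/log/messages
authpriv.*                       /var/log/secure
*.emerg                          *
kern.=warning                    /var/log/firewall.log
"""
# Stephen's "kernel: Dropped:" line is facility kern at LOG level warning.
FIREWALL_TARGETS = route(SYSLOG_CONF, "kern", "warning")
```

With this config the warning-level drop message lands in the two files only; the `*.emerg *` wall-to-wall rule fires for emerg-priority messages alone, so a message that still reaches the console has to be arriving by another path, such as the kernel's own console logging.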