<HTML><BODY style="word-wrap: break-word; -khtml-nbsp-mode: space; -khtml-line-break: after-white-space; ">Hello everyone,<DIV><BR class="khtml-block-placeholder"></DIV><DIV>I've been using Firehol on Debian for 3-4 weeks and I'm deeply troubled by this issue.<DIV><BR class="khtml-block-placeholder"></DIV><DIV>I'm using ULOG for my logging. My syslogemu.log is filled up with the following lines...</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Aug 23 16:13:33 mercury IN-world: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:5c:22:31:c2:08:00  SRC=10.125.144.1 DST=255.255.255.255 LEN=355 TOS=00 PREC=0x00 TTL=64 ID=15592 PROTO=UDP SPT=67 DPT=68 LEN=335 </DIV><DIV>Aug 23 16:13:33 mercury IN-world: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:5c:22:31:c2:08:00  SRC=10.125.144.1 DST=255.255.255.255 LEN=355 TOS=00 PREC=0x00 TTL=64 ID=15595 PROTO=UDP SPT=67 DPT=68 LEN=335 </DIV><DIV>Aug 23 16:13:34 mercury IN-world: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:5c:22:31:c2:08:00  SRC=10.125.144.1 DST=255.255.255.255 LEN=355 TOS=00 PREC=0x00 TTL=64 ID=15618 PROTO=UDP SPT=67 DPT=68 LEN=335 </DIV><DIV>Aug 23 16:13:34 mercury IN-world: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:5c:22:31:c2:08:00  SRC=10.125.144.1 DST=255.255.255.255 LEN=355 TOS=00 PREC=0x00 TTL=64 ID=15622 PROTO=UDP SPT=67 DPT=68 LEN=335 </DIV><DIV>Aug 23 16:13:42 mercury IN-world: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:5c:22:31:c2:08:00  SRC=10.125.144.1 DST=255.255.255.255 LEN=355 TOS=00 PREC=0x00 TTL=64 ID=15816 PROTO=UDP SPT=67 DPT=68 LEN=335 </DIV><DIV>Aug 23 16:13:42 mercury IN-world: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:5c:22:31:c2:08:00  SRC=10.125.144.1 DST=255.255.255.255 LEN=355 TOS=00 PREC=0x00 TTL=64 ID=15819 PROTO=UDP SPT=67 DPT=68 LEN=335 </DIV><DIV>Aug 23 16:13:49 mercury IN-world: IN=eth1 OUT= MAC=00:10:5a:a4:58:62:00:01:5c:22:31:c2:08:00  SRC=12.210.208.131 DST=68.45.214.101 LEN=60 TOS=00 PREC=0x20 TTL=116 ID=40390 CE PROTO=UDP SPT=6346 DPT=6348 LEN=40 </DIV><DIV>Aug 23 16:13:51 mercury IN-world: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:5c:22:31:c2:08:00  SRC=10.125.144.1 DST=255.255.255.255 LEN=356 TOS=00 PREC=0x00 TTL=64 ID=16000 PROTO=UDP SPT=67 DPT=68 LEN=336 </DIV><DIV>Aug 23 16:13:51 mercury IN-world: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:5c:22:31:c2:08:00  SRC=10.125.144.1 DST=255.255.255.255 LEN=356 TOS=00 PREC=0x00 TTL=64 ID=16003 PROTO=UDP SPT=67 DPT=68 LEN=336 </DIV><DIV>Aug 23 16:13:57 mercury IN-world: IN=eth1 OUT= MAC=00:10:5a:a4:58:62:00:01:5c:22:31:c2:08:00  SRC=82.36.20.10 DST=68.45.214.101 LEN=60 TOS=00 PREC=0x20 TTL=112 ID=28780 PROTO=UDP SPT=6346 DPT=6348 LEN=40 </DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV><FONT class="Apple-style-span" face="Arial" size="3"><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;">T</SPAN></FONT><SPAN class="Apple-style-span" style="font-size: 13px;">hese requests come every 3-7 seconds.</SPAN></FONT></DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>First up is the Firehol Version information...</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;">Package: firehol </SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;">Status: install ok installed </SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;">Priority: optional </SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;">Section: net </SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;">Installed-Size: 792 </SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;">Maintainer: Alexander Wirt <</SPAN></FONT><A href="mailto:formorer@debian.org"><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;"><FONT class="Apple-style-span" color="#001D88">formorer@debian.org</FONT></SPAN></FONT></A><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;">> </SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;">Architecture: all </SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;">Version: 1.231-2 </SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;">Depends: iptables (>= 1.2.4), iproute, net-tools, bash (>= 2.04), bc </SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;">Recommends: modutils | module-init-tools, wget | curl </SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;">Conffiles: </SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;">/etc/init.d/firehol 7717da4dec6f986868eed7f80f9c73c1 </SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;">/etc/firehol/firehol.conf 9864d4924f1f9a68dcfa4ee67961c812 </SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;">/etc/default/firehol 642a7e3e4522810e37955949944ea980 </SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;">Description: An easy to use but powerful iptables stateful firewall </SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;">Generates generic firewalls with an extremly simple but powerful </SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;">configuration language, enabling you to design any kind of local </SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;">or routing stateful packet filtering firewall with ease. </SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;"><BR class="khtml-block-placeholder"></SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;">The files are getting big...</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;"><BR class="khtml-block-placeholder"></SPAN></FONT></DIV><DIV>-rw-r-----  1 root adm  22M 2005-08-23 16:16 syslogemu.log</DIV><DIV>-rw-r-----  1 root adm  63M 2005-08-21 06:25 syslogemu.log.1</DIV><DIV>-rw-r-----  1 root adm  52M 2005-08-14 06:25 syslogemu.log.2</DIV><DIV>-rw-r-----  1 root adm  63M 2005-08-07 06:25 syslogemu.log.3</DIV><DIV>-rw-r--r--  1 root root 59M 2005-07-31 06:25 syslogemu.log.4</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>The reason why I'm so concerned is I think the constant logging is doing something to my network, causing congestion, especially on VoIP applications. Now the firehol.sh script I was using that came with the Debian install was from a <FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;">pre-1.211 version of FireHOL says Costa.</SPAN></FONT></DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Here is my firehol.conf : <A href="http://pastebin.ca/19665">http://pastebin.ca/19665</A></DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Here is the output after running firehol in 'explain' mode: <A href="http://pastebin.ca/19741">http://pastebin.ca/19741</A></DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>The conversation / thread between Costa and I can be found here : <A href="http://sourceforge.net/forum/forum.php?thread_id=1267867&forum_id=196547">http://sourceforge.net/forum/forum.php?thread_id=1267867&forum_id=196547</A></DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>PLEASE HELP!</DIV><DIV><BR class="khtml-block-placeholder"></DIV></DIV><DIV> <DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Rick alias cougar</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Software Developer / Computer Specialist</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Personal Email: <A href="mailto:c0ugar7i8@comcast.net">c0ugar7i8@comcast.net</A></DIV></DIV></BODY></HTML>