[Firehol-support] policy/server reject/accept/drop

Costa Tsaousis costa at tsaousis.gr
Tue Oct 11 19:38:58 BST 2005


Redeeman wrote:

>hello.. (sorry to write all this much, but im getting problems as i
>go :))
>
>the thing is, i have policy reject/drop on my interface, and it was my
>understanding that it does the same as server all drop or server all
>reject.. however it doesent, beacuse with only policy drop and policy
>reject it still logs, and i really hate those logs, so i need to add
>server all drop, client all drop.. isnt there some way to disable
>logging alltogether, or make policy do it?
>  
>
You cannot disable it, but you can limit it. Check the documentation for 
FIREHOL_LOG_FREQUENCY and relative variables.
I also suggest to use ulogd for managing iptables logs. This way the 
firewall logs will not interefere with the system logs.

Costa





More information about the Firehol-support mailing list