[Firehol-support] Firehol: How to log denied connections?
Carlos Rodrigues
carlos.efr at mail.telepac.pt
Tue Jan 31 18:26:57 GMT 2006
You can add:
FIREHOL_LOG_FREQUENCY="1/minute"
to your firehol.conf...
Those logging instances cause logging with malformed packets, and with
refused connections (at the bottom of the chains, after all ACCEPTs).
On 1/31/06, Terrance Harris <tharrisone at gmail.com> wrote:
> Here are the iptables instances where it logs:
> iptables -L | grep LOG
> LOG all -- anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `IN-unknown:'
> LOG all -- anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `PASS-unknown:'
> LOG all -- anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `OUT-unknown:'
> LOG all -- anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `IN-internet:'
> LOG all -- anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `OUT-internet:'
> LOG all -- anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `PACKET FRAGMENTS:'
> LOG all -- anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `ICMP FLOOD:'
> LOG all -- anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `MALFORMED BAD:'
> LOG all -- anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `MALFORMED NULL:'
> LOG all -- anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `MALFORMED XMAS:'
> LOG all -- anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `NEW TCP w/o SYN:'
> LOG all -- anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `SYN FLOOD:'
>
> I don't care about logging the protection but it's logging way too much =)
>
>
> On 1/31/06, Carlos Rodrigues <carlos.efr at mail.telepac.pt> wrote:
> > On 1/31/06, Terrance Harris <tharrisone at gmail.com> wrote:
> > > Hello,
> > >
> > > I've noticed that firehol by default logs all packets going in and out
> > > but I just want firehol to log denied connections which would make
> > > things a lot easier to manage the firewall.
> >
> > Hmmm, it should only log denied connections, *by default*.
> >
> > --
> > Carlos Rodrigues
--
Carlos Rodrigues
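The thread above does not say how to tell the two kinds of log entries apart once they are in syslog. The listing Terrance posted shows every LOG rule rate-limited with `limit: avg 1/sec burst 5`; FIREHOL_LOG_FREQUENCY="1/minute" only lowers that average, it does not stop the protection rules (MALFORMED *, SYN FLOOD, PACKET FRAGMENTS, ...) from logging. The script below is an added example, not code from the thread or from the FireHOL project: it parses constructed syslog lines in the shape the iptables LOG target writes, separates the end-of-chain denials (which, going by the listing, carry an `IN-`, `OUT-` or `PASS-` prefix followed by the interface or router name; treating every other prefix as a protection rule is an assumption made here) from the protection hits, and estimates how many lines the `limit` match can let through for a given average and burst. The sample log text, the host name and the addresses are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the shape the iptables LOG target writes to syslog.
# These are illustrative, not lines taken from the original thread; the prefixes
# are the ones from Terrance's `iptables -L | grep LOG` listing.
SAMPLE_LOG = """\
Jan 31 18:20:01 fw kernel: IN-internet:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=12345 DF PROTO=TCP SPT=44321 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 31 18:20:02 fw kernel: IN-internet:IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=12346 DF PROTO=TCP SPT=44322 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 31 18:20:03 fw kernel: OUT-internet:IN= OUT=eth0 SRC=198.51.100.2 DST=203.0.113.9 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=51000 DPT=6667 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 31 18:20:04 fw kernel: MALFORMED XMAS:IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=0 PROTO=TCP SPT=44323 DPT=80 WINDOW=1024 RES=0x00 URG PSH FIN URGP=0
Jan 31 18:20:05 fw kernel: SYN FLOOD:IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=7 DF PROTO=TCP SPT=40001 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 31 18:20:06 fw kernel: IN-internet:IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.2 LEN=28 TOS=0x00 PREC=0x00 TTL=48 ID=8 PROTO=UDP SPT=5353 DPT=161 LEN=8
"""

# Assumption: the end-of-chain "refused connection" rules log with an
# <IN|OUT|PASS>-<interface or router name> prefix, and every other prefix in
# the listing (MALFORMED *, SYN FLOOD, PACKET FRAGMENTS, ...) is a protection rule.
DENIED_PREFIX = re.compile(r"^(IN|OUT|PASS)-\S+$")

# "kernel: ", an optional "[seconds.micro] " uptime stamp that some syslog setups
# add (assumption), then "<prefix>:" followed by the KEY=VALUE fields.
LINE_RE = re.compile(r"kernel:\s*(?:\[\s*\d+\.\d+\]\s*)?(?P<prefix>[^:]+?):(?P<fields>.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Return a dict describing one LOG entry, or None if the line is not one."""
    m = LINE_RE.search(line)
    if not m:
        return None
    prefix = m.group("prefix").strip()
    fields = {}
    for key, val in FIELD_RE.findall(m.group("fields")):
        fields.setdefault(key, val)  # keep the IP LEN=, not the trailing UDP LEN=
    return {
        "prefix": prefix,
        "kind": "denied" if DENIED_PREFIX.match(prefix) else "protection",
        "src": fields.get("SRC", ""),
        "dst": fields.get("DST", ""),
        "proto": fields.get("PROTO", ""),
        "dpt": fields.get("DPT", ""),
    }


def summarize(log_text):
    """Count denied connections per (src, proto, dpt) and protection hits per prefix."""
    denied = Counter()
    protection = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["kind"] == "denied":
            denied[(rec["src"], rec["proto"], rec["dpt"])] += 1
        else:
            protection[rec["prefix"]] += 1
    return {"denied": denied, "protection": protection}


def max_log_lines(avg_per_sec, burst, rules, seconds):
    """Upper bound on lines the `limit` match lets through: each LOG rule has a
    token bucket of size `burst` refilled at `avg_per_sec`, so over `seconds`
    one rule passes at most burst + avg*seconds entries (an approximation)."""
    return rules * (burst + avg_per_sec * seconds)


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for (src, proto, dpt), n in sorted(s["denied"].items()):
        print(f"denied     {n:3d}  {src} -> {proto}/{dpt}")
    for prefix, n in sorted(s["protection"].items()):
        print(f"protection {n:3d}  {prefix}")
    # the 12 rules in the listing at 'avg 1/sec burst 5' versus '1/minute', over one hour
    print(max_log_lines(1, 5, 12, 3600), max_log_lines(1 / 60, 5, 12, 3600))
```

Run it against a real `/var/log/messages` by reading the file into `summarize()`; the prefix split is the part to adjust if the firehol.conf names its interfaces differently, since the prefix is whatever FireHOL put in the LOG rule, not something the kernel adds.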