You might try a rule similar to
-A INPUT -i lo -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
Place this before any logging rules, as it will tell the firewall to accept any traffic on the local loopback with a destination and source of 127.0.0.1. This traffic never leaves (well, should never leave) the local system and, unless specific tracking is needed, shouldn't need to be logged.
Nathaniel Hall
Intrusion Detection and Firewall Technician
Ozarks Technical Community College -- Office of Computer Networking
halln@xxxxxxx 417-799-0552
menonrr@xxxxxxx wrote:
Hello Mark,
Thanks for the advice.
But now I have a new problem. The syslog logs millions of such entries:
Source and Destination to 127.0.0.1
Oct 5 10:35:17 nessusClient kernel: INPUT packets:IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=30292 DF PROTO=TCP SPT=631 DPT=34189 WINDOW=32754 RES=0x00 ACK URGP=0
Source = various ; Destination to 255.255.255.0
Oct 5 10:51:09 nessusClient kernel: INPUT eth1 Ext:IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:08:74:ab:0d:27:08:00 SRC=134.126.21.83 DST=255.255.255.255 LEN=68 TOS=0x00 PREC=0x00 TTL=128 ID=39383 PROTO=UDP SPT=1226 DPT=7100 LEN=48
Can you advise how to make the log less cumbersome (--log-level?) and not log unnecessary information like traffic from 127.0.0.1 or broadcasts?
I am very thankful.
Menon
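An added example, not part of the original thread: a shell check that an iptables-save style dump has the loopback ACCEPT ahead of any LOG rule in INPUT, which is the ordering the reply asks for. Both rulesets are constructed (their log prefixes are copied from the quoted syslog lines), and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed ruleset in the problem order: the catch-all LOG rule is reached
# before the loopback ACCEPT, so every 127.0.0.1 packet is written to syslog.
bad_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -i eth1 -j LOG --log-prefix "INPUT eth1 Ext:"
-A INPUT -j LOG --log-prefix "INPUT packets:"
-A INPUT -i lo -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
COMMIT
EOF
}

# Constructed ruleset in the suggested order: loopback is accepted first.
good_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
-A INPUT -i eth1 -j LOG --log-prefix "INPUT eth1 Ext:"
-A INPUT -j LOG --log-prefix "INPUT packets:"
COMMIT
EOF
}

# Reads rules on stdin and prints one verdict for the INPUT chain:
#   ok               loopback ACCEPT comes before any LOG rule that can see lo
#   logged-first     a LOG rule that can see lo is reached first
#   no-loopback-rule neither kind of rule was found
# Conservative: only the -i and -j options are inspected.
check_lo_order() {
  awk '
    $1 == "-A" && $2 == "INPUT" {
      target = ""; in_if = ""; neg = 0
      for (i = 3; i < NF; i++) {
        if ($i == "-j") target = $(i + 1)
        if ($i == "-i") { in_if = $(i + 1); neg = ($(i - 1) == "!") }
      }
      # Can this rule match packets arriving on lo?
      hits_lo = (in_if == "") || (in_if == "lo" && !neg) || (in_if != "lo" && neg)
      if (target == "LOG" && hits_lo && verdict == "") verdict = "logged-first"
      if (target == "ACCEPT" && in_if == "lo" && !neg && verdict == "") verdict = "ok"
    }
    END { print (verdict == "" ? "no-loopback-rule" : verdict) }
  '
}
```

On a live system the same function can be fed the output of `iptables-save` instead of the constructed samples.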