Welcome, Guest. Please login or register.
Did you miss your activation email?
Saturday 30 November 2024, 10:17:05 pm

Login with username, password and session length

Visit the official Endian Community Mailinglist  HERE
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  General Support
| | |-+  How to turn off logging of a specific firewall match?
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: How to turn off logging of a specific firewall match?  (Read 12449 times)
strangetpwn
Jr. Member
*
Offline Offline

Posts: 4


« on: Thursday 09 September 2010, 03:17:29 pm »

My firewall logs are full of entries like:

INPUTFW:DROP UDP  (br0) 192.168.1.2:17500 -> 255.255.255.255:17500

These are related to the LAN Sync feature of Dropbox.

Everything works as it is so I don't need to change this rule, I just don't need it to be logged since it creates about 8 entries each minute for each machine running DB, making my firewall logs hard to read.

Is there something I can add to iptables to turn off logging of this specific case? Something like:

iptables -A -d 255.255.255.255 -p udp --dport 17500 -j DROP - [do not log this]

I've tried creating rules to ALLOW using EFW's web interface, but these don't work.

Thanks
Logged
mrkroket
Hero Member
*****
Offline Offline

Posts: 495


« Reply #1 on: Friday 10 September 2010, 01:49:08 am »

This logs are being created by the Incoming Firewall (INPUTFW).
Try to create a drop rule in Firewall->Incoming routed traffic
Logged
strangetpwn
Jr. Member
*
Offline Offline

Posts: 4


« Reply #2 on: Friday 10 September 2010, 03:30:12 am »

Thanks, I tried this suggestion, the rule looks like:
 
Source          Destination             Service          Policy
192.168.1.2    255.255.255.255    UDP/17500   DENY

but it hasn't an effect on my Live logs, any other ideas?
Logged
mrkroket
Hero Member
*****
Offline Offline

Posts: 495


« Reply #3 on: Friday 10 September 2010, 08:29:14 am »

The Linux nerd's way.

Endian uses a series of scripts to create iptables. From some templates (.tmpl files) it creates the iptables files.
Go to /etc/firewall/inputfw. You'll find three kind of files: .conf, .conf.old and .conf.tmpl, and two files: rules.tmpl iptablesinputfw
The .conf.tmpl are the templates.

So the way EFW works when you apply a change on firewall GUI is:
1-Moving actual config files (.conf) to old config (.conf.old).
2-From template files (.conf.tmpl) the system recreates the new config files.
3-Old & New config are compared. If there are differences the file iptablesinputfw is recreated (via the rules.tmpl file) and reloaded onto iptables.

So the way to act is editing the rules.tmpl file and adding your custom rule to see if that blocks the log.

Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.07 seconds with 17 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com