[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [opensuse-security] How can I tell susefirewall not to log about a certain port?

To: OS-sec <opensuse-security@xxxxxxxxxxxx>
Subject: Re: [opensuse-security] How can I tell susefirewall not to log about a certain port?
From: <pedrocsort-e@xxxxxxxxx>
Date: Wed, 18 Jul 2007 02:26:27 -0700 (PDT)
Delivered-to: opensuse-security@xxxxxxxxxxxxxxxxxxx
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID; b=c/05kPiy/zNrdzbUID0GjEKJKKUW7xtnaTsR5EfSRAnUyL6W8WgKxErM5UgxyND1nPU4kzKUv5o535NfbTp+LFydk2A5mZwUcoXD1I+zk3t7tGXvf3OzsehkyiP5kZ++x3VLQo+h5hWmnAZDmVo8lVvuj7CB4VwMbI2Kejmlwws=;
In-reply-to: <Pine.LNX.4.64.0707151404560.32085@xxxxxxxxxxxxxxxx>
List-help: <mailto:opensuse-security+help@opensuse.org>
List-owner: <mailto:opensuse-security+owner@opensuse.org>
List-post: <mailto:opensuse-security@opensuse.org>
List-subscribe: <mailto:opensuse-security+subscribe@opensuse.org>
List-unsubscribe: <mailto:opensuse-security+unsubscribe@opensuse.org>
Mailing-list: contact opensuse-security+help@xxxxxxxxxxxx; run by mlmmj
Reply-to: pedrocsort-e@xxxxxxxxx

Hi,

I have also spend some time with this exact same issue
but unfortunately I do not have a solution for this,
but it would be wyse to remember that particular port
is the default for a very well known application that
I would seriously advise to log.

The ideal would be to have a separate log just for
this port.
This adds another level of complexity in the issue,
but IMHO it would be the perfect solution ...

Regards,
Pedro


--- "Carlos E. R." <robin.listas@xxxxxxxxxxxxxx>
wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> Hi,
> 
> In the /etc/sysconfig/SuSEfirewall2 file I have:
> 
> 
> FW_SERVICES_EXT_TCP="4662"
> 
> But entries to that port are logged:
> 
> Jul 15 14:07:25 nimrodel kernel: SFW2-INext-ACC-TCP
> IN=eth0 OUT= 
> MAC=00:40:f4:2e:b1:21:00:30:da:70:d7:ea:08:00
> SRC=189....
> DST=192.168.1... LEN=48 TOS=0x00 PREC=0x00 TTL=112
> ID=6454 DF PROTO=TCP 
> SPT=50867 DPT=4662 WINDOW=64240 RES=0x00 SYN URGP=0
> OPT (0204058401010402)
> 
> As it is a port I opened, I understand it should not
> be logged, it is not 
> a "critical" port. I have:
> 
> FW_LOG_DROP_CRIT="yes"
> FW_LOG_DROP_ALL="yes"
> FW_LOG_ACCEPT_CRIT="yes"
> FW_LOG_ACCEPT_ALL="no"
> 
> 
> What could I do so that they are not logged? I want
> other port logged, but 
> not those I explicitly opened myself.
> 
> 
> 
> - -- 
> Cheers,
>        Carlos Robinson
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.5 (GNU/Linux)
> Comment: Made with pgp4pine 1.76
> 
>
iD8DBQFGmg9ZtTMYHG2NR9URArYzAJ9Ty4P6d6pGX4TuOrv/8L4CPCWbsgCgjPOM
> lz6ZfwgOR1Eawj7JVyde26k=
> =ojto
> -----END PGP SIGNATURE-----
> 
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> opensuse-security+unsubscribe@xxxxxxxxxxxx
> For additional commands, e-mail:
> opensuse-security+help@xxxxxxxxxxxx
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security+help@xxxxxxxxxxxx

References:
- [opensuse-security] How can I tell susefirewall not to log about a certain port?
  - From: Carlos E. R.

Prev by Date: Re: [opensuse-security] packet labeling & routing decision based on these labels
Next by Date: Re: [opensuse-security] How can I tell susefirewall not to log about a certain port?
Previous by thread: [opensuse-security] How can I tell susefirewall not to log about a certain port?
Next by thread: Re: [opensuse-security] How can I tell susefirewall not to log about a certain port?
Index(es):
- Date
- Thread