To cut down on the amount of clutter appearing in my firewall log, I silently
blacklist certain traffic.
In shorewall.conf, I set BLACKLIST_LOGLEVEL="". Then
in /etc/shorewall/blacklist, I have the equivalent of:
0.0.0.0/0 tcp 57
0.0.0.0/0 tcp 1023
0.0.0.0/0 udp 1025:1032
0.0.0.0/0 udp 1434
0.0.0.0/0 tcp 1433
0.0.0.0/0 tcp 2745
0.0.0.0/0 tcp 3127
0.0.0.0/0 tcp 3410
0.0.0.0/0 tcp 4899
0.0.0.0/0 tcp 5554
0.0.0.0/0 tcp 8081
0.0.0.0/0 tcp 9898
Hmm - it doesn't work for me!
I put:
0.0.0.0/0 udp 1025:1032
in /etc/shorewall/blacklist
and:
BLACKLIST_LOGLEVEL=""
in /etc/shorewall/shorewall.conf
and am still getting udp packets targeting 1025 to 1032.
BTW, should the null_string be assigned to BLACKLIST_LOGLEVEL (as above), or
should it really be a null ('')?
The comments in the file state that if no logging is required, then
BLACKLIST_LOGLEVEL shouldn't be assigned to,
i.e. commented out.
Jim Ford
------------------------------------------------------------------------
leaf-user mailing list: [email protected]
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
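An added illustration, not from this thread and not Shorewall's own rule compiler, of what the two settings discussed above mean at the packet-filter level. shorewall.conf is sourced by the shell, so `BLACKLIST_LOGLEVEL=""` and a commented-out line both yield an empty value; the script below reads the setting that way and then renders a blacklist file of the form `ADDRESS/SUBNET PROTOCOL PORT[:PORT]` into the iptables rules it implies, adding a LOG rule only when a level is set. The chain name `blacklst`, the log prefix and the sample inputs are assumptions made for the example. One check worth making alongside the log level: Shorewall only consults the blacklist file for traffic arriving on interfaces that carry the `blacklist` option in /etc/shorewall/interfaces.

```shell
#!/bin/sh
# Added example: render a Shorewall-style blacklist file into the iptables
# rules it implies. Illustration only; this is not Shorewall's compiler.
# Assumptions (not from the post): rules go in a chain named "blacklst",
# the file format is "ADDRESS/SUBNET PROTOCOL PORT[:PORT]" with '#' comments,
# and the log level comes from a shorewall.conf-style file sourced by sh.

# read_loglevel CONF: source CONF the way shorewall.conf is read and print
# the resulting BLACKLIST_LOGLEVEL. A line reading BLACKLIST_LOGLEVEL=""
# and a commented-out line both produce the empty string.
read_loglevel() {
    (
        unset BLACKLIST_LOGLEVEL
        . "$1"
        printf '%s' "${BLACKLIST_LOGLEVEL:-}"
    )
}

# render_blacklist FILE LOGLEVEL: print one iptables command per rule.
# With an empty LOGLEVEL the match is dropped silently; otherwise a LOG
# rule precedes the DROP, which is what fills the firewall log.
render_blacklist() {
    file=$1; level=$2
    # strip comments and blank lines, then build the match per line
    sed 's/#.*//' "$file" | awk -v level="$level" '
        NF == 0 { next }
        {
            src = $1; proto = $2; port = $3
            spec = "-s " src
            if (proto != "" && proto != "-") {
                spec = spec " -p " proto
                # --dport only makes sense with a protocol; ranges pass as-is
                if (port != "" && port != "-") spec = spec " --dport " port
            }
            if (level != "")
                print "iptables -A blacklst " spec " -j LOG --log-level " level \
                      " --log-prefix \"Shorewall:blacklst:DROP:\""
            print "iptables -A blacklst " spec " -j DROP"
        }'
}

# demo: constructed inputs modelled on the entries in the post
demo() {
    dir=$(mktemp -d)
    cat > "$dir/blacklist" <<'EOF'
0.0.0.0/0 tcp 1433
0.0.0.0/0 udp 1025:1032
EOF
    printf 'BLACKLIST_LOGLEVEL=""\n' > "$dir/shorewall.conf"
    render_blacklist "$dir/blacklist" "$(read_loglevel "$dir/shorewall.conf")"
    rm -rf "$dir"
}

demo
```

Run it and compare against `iptables -L blacklst -n -v` on the box: if the chain holds the rules but the interface never jumps to it, the entries are parsed correctly and the gap is elsewhere in the configuration.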