Re: [Shorewall-users] Using Shorewall to remove martian warnings from kernel log
Thank you Vieri, that has sorted the problem. Thanks to Leandro too for their solution. I had already turned off Martian logging in shorewall.conf but I didn't know how to do it in the kernel log. That's a useful method to know about. Regards, On Wed, 18 Oct 2023 at 14:38, Vieri Di Paola wrote: > Hi, > > Not sure about the log, but a quick workaround would be to add 172.26 as > an alias to the shorewall gateway. > > On Wed, Oct 18, 2023, 15:09 David Watkins wrote: > >> Hi, >> >> I'm a long time shorewall user, but with very basic skills, running a >> simple 2 port firewall between my ISP and a home network. >> >> Home network is on 192.168.0.x >> >> My wife has configured her laptop NIC with both a 192.168 address and a >> 172.16.x address, so that she can connect to a private development system >> at her office (this system uses static IPs only). >> >> This means that when she connects at home the firewall machine log is >> flooded with kernel warnings about 172.16 martian packets. >> >> I can disable these warnings in the shorewall log but they still appear >> in the system log (journalctl). >> >> Can I use shorewall to drop them before the kernel sees them? or is >> there some other way of cleaning up the log? >> >> Thanks for any help. >> > > ___ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
Re: [Shorewall-users] Using Shorewall to remove martian warnings from kernel log
SHOREWALL
You can turn off on shorewall.conf
LOG_MARTIANS=No
KERNEL
You can turn off martian logging:
echo 0 > /proc/sys/net/ipv4/conf/{all,default}/log_martians
Regards.
El 18/10/2023 a las 10:07, David Watkins escribió:
Hi,
I'm a long time shorewall user, but with very basic skills, running a
simple 2 port firewall between my ISP and a home network.
Home network is on 192.168.0.x
My wife has configured her laptop NIC with both a 192.168 address and
a 172.16.x address, so that she can connect to a private development
system at her office (this system uses static IPs only).
This means that when she connects at home the firewall machine log is
flooded with kernel warnings about 172.16 martian packets.
I can disable these warnings in the shorewall log but they still
appear in the system log (journalctl).
Can I use shorewall to drop them before the kernel sees them? or is
there some other way of cleaning up the log?
Thanks for any help.
___
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
___
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
Re: [Shorewall-users] Using Shorewall to remove martian warnings from kernel log
Hi, Not sure about the log, but a quick workaround would be to add 172.26 as an alias to the shorewall gateway. On Wed, Oct 18, 2023, 15:09 David Watkins wrote: > Hi, > > I'm a long time shorewall user, but with very basic skills, running a > simple 2 port firewall between my ISP and a home network. > > Home network is on 192.168.0.x > > My wife has configured her laptop NIC with both a 192.168 address and a > 172.16.x address, so that she can connect to a private development system > at her office (this system uses static IPs only). > > This means that when she connects at home the firewall machine log is > flooded with kernel warnings about 172.16 martian packets. > > I can disable these warnings in the shorewall log but they still appear in > the system log (journalctl). > > Can I use shorewall to drop them before the kernel sees them? or is there > some other way of cleaning up the log? > > Thanks for any help. > ___ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users > ___ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
