Re: [Shorewall-users] Using Shorewall to remove martian warnings from kernel log
Thank you Vieri, that has sorted the problem. Thanks to Leandro too for their solution. I had already turned off Martian logging in shorewall.conf but I didn't know how to do it in the kernel log. That's a useful method to know about. Regards, On Wed, 18 Oct 2023 at 14:38, Vieri Di Paola wrote: > Hi, > > Not sure about the log, but a quick workaround would be to add 172.26 as > an alias to the shorewall gateway. > > On Wed, Oct 18, 2023, 15:09 David Watkins wrote: > >> Hi, >> >> I'm a long time shorewall user, but with very basic skills, running a >> simple 2 port firewall between my ISP and a home network. >> >> Home network is on 192.168.0.x >> >> My wife has configured her laptop NIC with both a 192.168 address and a >> 172.16.x address, so that she can connect to a private development system >> at her office (this system uses static IPs only). >> >> This means that when she connects at home the firewall machine log is >> flooded with kernel warnings about 172.16 martian packets. >> >> I can disable these warnings in the shorewall log but they still appear >> in the system log (journalctl). >> >> Can I use shorewall to drop them before the kernel sees them? or is >> there some other way of cleaning up the log? >> >> Thanks for any help. >> > > ___ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
Re: [Shorewall-users] Using Shorewall to remove martian warnings from kernel log
SHOREWALL You can turn off on shorewall.conf LOG_MARTIANS=No KERNEL You can turn off martian logging: echo 0 > /proc/sys/net/ipv4/conf/{all,default}/log_martians Regards. El 18/10/2023 a las 10:07, David Watkins escribió: Hi, I'm a long time shorewall user, but with very basic skills, running a simple 2 port firewall between my ISP and a home network. Home network is on 192.168.0.x My wife has configured her laptop NIC with both a 192.168 address and a 172.16.x address, so that she can connect to a private development system at her office (this system uses static IPs only). This means that when she connects at home the firewall machine log is flooded with kernel warnings about 172.16 martian packets. I can disable these warnings in the shorewall log but they still appear in the system log (journalctl). Can I use shorewall to drop them before the kernel sees them? or is there some other way of cleaning up the log? Thanks for any help. ___ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users ___ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
Re: [Shorewall-users] Using Shorewall to remove martian warnings from kernel log
Hi, Not sure about the log, but a quick workaround would be to add 172.26 as an alias to the shorewall gateway. On Wed, Oct 18, 2023, 15:09 David Watkins wrote: > Hi, > > I'm a long time shorewall user, but with very basic skills, running a > simple 2 port firewall between my ISP and a home network. > > Home network is on 192.168.0.x > > My wife has configured her laptop NIC with both a 192.168 address and a > 172.16.x address, so that she can connect to a private development system > at her office (this system uses static IPs only). > > This means that when she connects at home the firewall machine log is > flooded with kernel warnings about 172.16 martian packets. > > I can disable these warnings in the shorewall log but they still appear in > the system log (journalctl). > > Can I use shorewall to drop them before the kernel sees them? or is there > some other way of cleaning up the log? > > Thanks for any help. > ___ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users > ___ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users