Thanks Lonnie. Yes I will certainly sort all that out. I was just surprised
that you could turn off logging on the other interfaces.
Regards
Michael Knill
On 18/11/2012, at 9:25 AM, Lonnie Abelbeck wrote:
> Michael,
>
> Actually, no there is not an option to turn AIF:DMZ-INPUT logging off.
Michael,
Actually, no there is not an option to turn AIF:DMZ-INPUT logging off.
The best is to 'fix' the problem. :-)
You have an IP (172.16.17.2) doing a DNS lookup via 172.16.17.1, (see that from
the logs ?)
Either add a rule to allow it (Pass DMZ->Local UDP 0/0 53) or reconfigure
172.16.17
Is there any way to turn this off? My system log is full of these but I have
unticked all logging.
Nov 17 11:59:53 CAP1-90002-IPC-Biz user.info kernel: AIF:DMZ-INPUT denied:
IN=eth2 OUT= MAC=00:30:18:ac:c5:de:38:60:77:29:61:f7:08:00 SRC=172.16.17.2
DST=172.16.17.1 LEN=67 TOS=0x00 PREC=0x00 TTL=
