[Shorewall-users] Message flooding of syslog

Sun, 11 May 2008 11:23:28 -0700 

Greetings;

My syslog is getting 100s of thousands of messages like 
the following (these are just a sample); (BTW I am 
running Debian/lenny)

> May 11 12:41:31 gatekeeper kernel: BANDWIDTH_IN:IN=eth1 OUT=eth0 
> SRC=192.168.0.4 DST=64.15.118.171 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=37901 
> DF PROTO=TCP SPT=1307 DPT=80 WINDOW=17640 RES=0x00 ACK URGP=0 
> May 11 12:41:31 gatekeeper kernel: BANDWIDTH_IN:IN=eth1 OUT=eth0 
> SRC=192.168.0.4 DST=64.15.118.171 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=37902 
> DF PROTO=TCP SPT=1307 DPT=80 WINDOW=17640 RES=0x00 ACK URGP=0 
> May 11 12:41:31 gatekeeper kernel: BANDWIDTH_IN:IN=eth1 OUT=eth0 
> SRC=192.168.0.4 DST=64.15.118.171 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=37903 
> DF PROTO=TCP SPT=1307 DPT=80 WINDOW=17640 RES=0x00 ACK URGP=0 
> May 11 12:41:31 gatekeeper kernel: BANDWIDTH_OUT:IN=eth0 OUT=eth1 
> SRC=204.2.145.29 DST=192.168.31.1 LEN=1500 TOS=0x00 PREC=0x00 TTL=118 ID=2300 
> DF PROTO=TCP SPT=80 DPT=4697 WINDOW=32552 RES=0x00 ACK URGP=0 

I think I have traced the "cause" of them to the file 
/etc/shorewall/start which contains the following four 
records;

> run_iptables -I INPUT -i eth1 -j LOG --log-prefix BANDWIDTH_IN: --log-level 
> debug
> run_iptables -I FORWARD -i eth1 -j LOG --log-prefix BANDWIDTH_IN: --log-level 
> debug
> run_iptables -I FORWARD -o eth1 -j LOG --log-prefix BANDWIDTH_OUT: 
> --log-level debug
> run_iptables -I OUTPUT -o eth1 -j LOG --log-prefix BANDWIDTH_OUT: --log-level 
> debug

But, I am not sure these are what is causeing the 
records tobe logged, and I can't figure out how to 
change them to stop the logging but keep the firewall 
operational.

Can anybody give me an assist?

Thanks,
Dennis

-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
Don't miss this year's exciting event. There's still time to save $100. 
Use priority code J8TL2D2. 
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to