Linux Security
 
Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
 
User Name:
Password:
Remember me
Go Back   Web Development Archives Mailing Lists Linux Security
Reload this Page

How can I tell susefirewall not to log about a certain port?

Discuss How can I tell susefirewall not to log about a certain port? in the Linux Security forum on Dev Archives.
How can I tell susefirewall not to log about a certain port? Linux Security list covers security hole reports, Linux as a firewall, safety of Konquerer and Firefox, and hard drive wipes.

Reply
Add This Thread To:
  Del.icio.us   Digg   Google   Spurl   Blink   Furl   Simpy   Y! MyWeb 
« Previous Thread | Next Thread »  
Thread Tools Search this Thread Display Modes
 
Unread Web Development Archives Sponsor:
  #1  
Old July 18th, 2007, 06:19 AM
Boyan Tabakov
Guest
Dev Archives Newbie (0 - 499 posts)
  
Posts: n/a  
Time spent in forums:
Reputation Power:
How can I tell susefirewall not to log about a certain port?
Sunday 15 July 2007 15:13:12 Carlos E. R. wrote:
Hi,
>
In the /etc/sysconfig/SuSEfirewall2 file I have:
>
>
FW_SERVICES_EXT_TCP="4662"
>
But entries to that port are logged:
>
Jul 15 14:07:25 nimrodel kernel: SFW2-INext-ACC-TCP IN=eth0 UT=
SRC=189
DST=192.168.1 LEN=48 TS=0x00 PREC=0x00 TTL=112 ID=6454 DF PRT=TCP
SPT=50867 DPT=4662 WINDW=64240 RES=0x00 SYN URGP=0 PT (0204058401010402)
>
As it is a port I opened, I understand it should not be logged, it is not
a "critical" port. I have:
>
FW_LG_DRP_CRIT="yes"
FW_LG_DRP_ALL="yes"
FW_LG_ACCEPT_CRIT="yes"
FW_LG_ACCEPT_ALL="no"
>
>
What could I do so that they are not logged? I want other port logged, but
not those I explicitly opened myself.

Hi,

Since SuSEfirewall is merely a front-end for iptables, you can accomplish what
you need by taking advantage of the following fact:

iptables rules that have a target ACCEPT, DRP or REJECT cause the processing
of subsequent rules to be terminated. To do logging, SuSE firewall sets two
rules for the specific match: forst a LG rule and then a ACCEPT/DRP rule to
specify the packet's fate.

This allows you to do the following:
Editing the / file and find the
fw_custom_before_port_handling() function definition. Inside the function
(that is - before the 'true' command) add a rule that would accept all
traffic to the port in question. That should be something like this:

iptables -t filter -I input_ext -p tcp 4662 -j ACCEPT

You should no longer see any logging output for that port.

A drawback is that you should add a rule for each port you have opened. You
can overcome this by creating a script that would check the firewall's
configuration file in /etc/sysconfig and add ACCEPT rules for each port
opened (mind that services might be specified by both port number and service
name for well-known services, as found in /etc/services file). If you have
trouble writing such a script, please don't hesitate to contact me again.

Best regards.

--
Blade hails you

The music is dead, the amen is said
The kiss of faith is what I beg


PGP SIGNATURE
Version: GnuPG v1.4.2 (GNU/Linux)


fruFsLpPaEFiluGIpT7IBZg=
=h1D1
PGP SIGNATURE
Reply With Quote
Reply

Viewing: Web Development Archives Mailing Lists Linux Security > How can I tell susefirewall not to log about a certain port?

« Previous Thread | Next Thread »

Thread Tools  Search this Thread 
Search this Thread:

Advanced Search
Display Modes  Rate This Thread 
Linear Mode Linear Mode
Rate This Thread:


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are Off
[IMG] code is On
HTML code is Off
View Your Warnings | New Posts | Latest Threads | Shoutbox
Forum Jump


Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
  
 





© 2003-2008 by Developer Shed. All rights reserved. DS Cluster 4 hosted by Hostway
Stay green...Green IT