arno-iptables-firewall / aif


Disable "Dropped INPUT packet" logging? #91

Closed stephen-smith closed 11 months ago

stephen-smith commented 1 year ago

How do I disable these logs coming from this line?

https://github.com/arno-iptables-firewall/aif/blob/master/bin/arno-iptables-firewall#L5322

iptables -A INPUT -m limit --limit 1/s -j LOG --log-level $LOGLEVEL --log-prefix "AIF:Dropped INPUT packet: "

Most log rules have some *_LOG variable in firewall.conf, but I couldn't find a way to disable this one. I don't find the messages useful and would like to disable them.

abelbeck commented 1 year ago

Looking at the AIF:Dropped INPUT packet: logs, are these local devices? Possibly you have an internal network with a device not matching your AIF configuration?

From my experience this type of log is useful and should not be ignored; possibly you have an AIF misconfiguration somewhere. I would start there.

stephen-smith commented 1 year ago

I don't have control over the local network configuration. Most of the logs appear to be some device sending UDP packets to the broadcast address and probably some cheap wireless repeater sending them to the wrong place, I guess. I'm not interested in "fixing" any misconfiguration on that device or the network in general; I don't need these messages in my logs.

Mar 03 16:02:02 monster kernel: AIF:Dropped INPUT packet: IN=wlp5s0 OUT= MAC=ff:ff:ff:ff:ff:ff:64:90:c1:19:e1:21:08:00 SRC=192.168.254.65 DST=192.168.254.255 LEN=107 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=45733 DPT=58866 LEN=87
Mar 03 16:02:02 monster kernel: AIF:Dropped INPUT packet: IN=wlp5s0 OUT= MAC=ff:ff:ff:ff:ff:ff:82:3f:5d:07:c1:60:08:00 SRC=192.168.254.90 DST=255.255.255.255 LEN=200 TOS=0x00 PREC=0x00 TTL=255 ID=18455 PROTO=UDP SPT=49154 DPT=6667 LEN=180
Mar 03 16:02:03 monster kernel: AIF:Dropped INPUT packet: IN=wlp5s0 OUT= MAC=ff:ff:ff:ff:ff:ff:ec:71:db:a8:ff:34:08:00 SRC=192.168.254.95 DST=255.255.255.255 LEN=32 TOS=0x00 PREC=0x00 TTL=64 ID=12076 DF PROTO=UDP SPT=3000 DPT=2000 LEN=12
Mar 03 16:02:03 monster kernel: AIF:Dropped INPUT packet: IN=wlp5s0 OUT= MAC=ff:ff:ff:ff:ff:ff:82:3f:5d:07:c1:60:08:00 SRC=192.168.254.70 DST=255.255.255.255 LEN=32 TOS=0x00 PREC=0x00 TTL=128 ID=48490 PROTO=UDP SPT=64320 DPT=2000 LEN=12
Mar 03 16:02:03 monster kernel: AIF:Dropped INPUT packet: IN=wlp5s0 OUT= MAC=ff:ff:ff:ff:ff:ff:82:3f:5d:07:c1:60:08:00 SRC=192.168.254.70 DST=192.168.254.255 LEN=32 TOS=0x00 PREC=0x00 TTL=128 ID=4900 PROTO=UDP SPT=64320 DPT=2000 LEN=12
Mar 03 16:02:05 monster kernel: AIF:Dropped INPUT packet: IN=wlp5s0 OUT= MAC=ff:ff:ff:ff:ff:ff:ec:71:db:a8:ff:34:08:00 SRC=192.168.254.95 DST=255.255.255.255 LEN=32 TOS=0x00 PREC=0x00 TTL=64 ID=12164 DF PROTO=UDP SPT=3000 DPT=2000 LEN=12
Mar 03 16:02:07 monster kernel: AIF:Dropped INPUT packet: IN=wlp5s0 OUT= MAC=ff:ff:ff:ff:ff:ff:64:90:c1:19:e1:21:08:00 SRC=192.168.254.65 DST=192.168.254.255 LEN=107 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=57126 DPT=58866 LEN=87
Mar 03 16:02:07 monster kernel: AIF:Dropped INPUT packet: IN=wlp5s0 OUT= MAC=ff:ff:ff:ff:ff:ff:ec:71:db:a8:ff:34:08:00 SRC=192.168.254.95 DST=255.255.255.255 LEN=32 TOS=0x00 PREC=0x00 TTL=64 ID=12209 DF PROTO=UDP SPT=3000 DPT=2000 LEN=12
Mar 03 16:02:07 monster kernel: AIF:Dropped INPUT packet: IN=wlp5s0 OUT= MAC=ff:ff:ff:ff:ff:ff:82:3f:5d:07:c1:60:08:00 SRC=192.168.254.90 DST=255.255.255.255 LEN=200 TOS=0x00 PREC=0x00 TTL=255 ID=18458 PROTO=UDP SPT=49154 DPT=6667 LEN=180
Mar 03 16:02:09 monster kernel: AIF:Dropped INPUT packet: IN=wlp5s0 OUT= MAC=ff:ff:ff:ff:ff:ff:ec:71:db:a8:ff:34:08:00 SRC=192.168.254.95 DST=255.255.255.255 LEN=32 TOS=0x00 PREC=0x00 TTL=64 ID=12256 DF PROTO=UDP SPT=3000 DPT=2000 LEN=12
Mar 03 16:02:11 monster kernel: AIF:Dropped INPUT packet: IN=wlp5s0 OUT= MAC=ff:ff:ff:ff:ff:ff:ec:71:db:a8:ff:34:08:00 SRC=192.168.254.95 DST=255.255.255.255 LEN=32 TOS=0x00 PREC=0x00 TTL=64 ID=12423 DF PROTO=UDP SPT=3000 DPT=2000 LEN=12
Mar 03 16:02:12 monster kernel: AIF:Dropped INPUT packet: IN=wlp5s0 OUT= MAC=ff:ff:ff:ff:ff:ff:64:90:c1:19:e1:21:08:00 SRC=192.168.254.65 DST=192.168.254.255 LEN=107 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=43805 DPT=58866 LEN=87
Mar 03 16:02:12 monster kernel: AIF:Dropped INPUT packet: IN=wlp5s0 OUT= MAC=ff:ff:ff:ff:ff:ff:82:3f:5d:07:c1:60:08:00 SRC=192.168.254.90 DST=255.255.255.255 LEN=200 TOS=0x00 PREC=0x00 TTL=255 ID=18459 PROTO=UDP SPT=49154 DPT=6667 LEN=180
Mar 03 16:02:13 monster kernel: AIF:Dropped INPUT packet: IN=wlp5s0 OUT= MAC=ff:ff:ff:ff:ff:ff:ec:71:db:a8:ff:34:08:00 SRC=192.168.254.95 DST=255.255.255.255 LEN=32 TOS=0x00 PREC=0x00 TTL=64 ID=12555 DF PROTO=UDP SPT=3000 DPT=2000 LEN=12
Mar 03 16:02:13 monster kernel: AIF:Dropped INPUT packet: IN=wlp5s0 OUT= MAC=ff:ff:ff:ff:ff:ff:82:3f:5d:07:c1:60:08:00 SRC=192.168.254.70 DST=255.255.255.255 LEN=32 TOS=0x00 PREC=0x00 TTL=128 ID=48493 PROTO=UDP SPT=64321 DPT=2000 LEN=12
Mar 03 16:02:15 monster kernel: AIF:Dropped INPUT packet: IN=wlp5s0 OUT= MAC=ff:ff:ff:ff:ff:ff:ec:71:db:a8:ff:34:08:00 SRC=192.168.254.95 DST=255.255.255.255 LEN=32 TOS=0x00 PREC=0x00 TTL=64 ID=12738 DF PROTO=UDP SPT=3000 DPT=2000 LEN=12
Mar 03 16:02:17 monster kernel: AIF:Dropped INPUT packet: IN=wlp5s0 OUT= MAC=ff:ff:ff:ff:ff:ff:64:90:c1:19:e1:21:08:00 SRC=192.168.254.65 DST=192.168.254.255 LEN=107 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=52790 DPT=58866 LEN=87

abelbeck commented 1 year ago

Is this a single interface AIF config with EXT_IF="wlp5s0" ? Or a router with both EXT_IF and INT_IF defined?

stephen-smith commented 1 year ago

It's not a router, just my desktop. But, EXT_IF is set to a non-empty value AND that value is wrong, so I will update that. (I used to use wired network exclusively, and have the wireless disabled in BIOS, so my wireless interface isn't listed there.)

stephen-smith commented 11 months ago

I should have closed this ages ago. After I fixed EXT_IF, things started working as documented.
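
Added example (not part of the thread and not AIF's own code): a triage of "AIF:Dropped INPUT packet" kernel log lines that groups drops by inbound interface, source, protocol and destination port and marks link-layer broadcasts, so the IN= interface to compare against EXT_IF in firewall.conf stands out. The sample lines are constructed in the format posted above; the addresses and MACs are placeholders.

```python
import re
from collections import Counter

PREFIX = "AIF:Dropped INPUT packet: "
FIELD = re.compile(r"(\w+)=(\S*)")

def parse_line(line):
    """Return the key=value fields of one AIF drop line, or None for other lines."""
    _, sep, rest = line.partition(PREFIX)
    if not sep:
        return None
    fields = {}
    for key, value in FIELD.findall(rest):
        fields.setdefault(key, value)  # LEN occurs twice; keep the IP-level one
    octets = fields.get("MAC", "").split(":")
    # On Ethernet the MAC field is dst(6) + src(6) + ethertype(2).
    fields["L2_BROADCAST"] = octets[:6] == ["ff"] * 6
    fields["SRC_MAC"] = ":".join(octets[6:12])
    return fields

def summarize(log_text):
    """Count drops per (interface, src IP, src MAC, protocol, dest port, broadcast?)."""
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if f:
            counts[(f.get("IN"), f.get("SRC"), f["SRC_MAC"], f.get("PROTO"),
                    f.get("DPT"), f["L2_BROADCAST"])] += 1
    return counts

# Constructed sample input (placeholder addresses, same layout as the thread's logs).
SAMPLE = """\
Mar 03 16:02:02 host kernel: AIF:Dropped INPUT packet: IN=wlp5s0 OUT= MAC=ff:ff:ff:ff:ff:ff:02:00:00:00:00:01:08:00 SRC=192.0.2.65 DST=192.0.2.255 LEN=107 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=45733 DPT=58866 LEN=87
Mar 03 16:02:03 host kernel: AIF:Dropped INPUT packet: IN=wlp5s0 OUT= MAC=ff:ff:ff:ff:ff:ff:02:00:00:00:00:02:08:00 SRC=192.0.2.95 DST=255.255.255.255 LEN=32 TOS=0x00 PREC=0x00 TTL=64 ID=12076 DF PROTO=UDP SPT=3000 DPT=2000 LEN=12
Mar 03 16:02:04 host kernel: usb 1-2: new high-speed USB device number 5
Mar 03 16:02:07 host kernel: AIF:Dropped INPUT packet: IN=wlp5s0 OUT= MAC=ff:ff:ff:ff:ff:ff:02:00:00:00:00:01:08:00 SRC=192.0.2.65 DST=192.0.2.255 LEN=107 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=57126 DPT=58866 LEN=87
Mar 03 16:02:09 host kernel: AIF:Dropped INPUT packet: IN=wlp5s0 OUT= MAC=02:00:00:00:00:aa:02:00:00:00:00:03:08:00 SRC=192.0.2.70 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4321 DF PROTO=TCP SPT=51000 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
"""

if __name__ == "__main__":
    for (iface, src, mac, proto, dpt, bcast), n in summarize(SAMPLE).most_common():
        kind = "broadcast" if bcast else "unicast"
        print(f"{n:3d}  IN={iface} {src} ({mac}) {proto}/{dpt} {kind}")
```

Grouping on the source MAC as well as the source IP shows when one device is emitting packets under several addresses, and the unicast rows are the ones worth reading before any logging is turned down.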