yarikoptic closed 1 year ago
This is by design: This is a catch-all rule on the input-chain which, when properly configured, should never be hit. If it does, it normally means there's a network-interface missing in the configuration.
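The check this reply implies, as an added example that is not part of the thread or the project's code: count the catch-all INPUT drops per ingress interface and report those missing from the configured list. The log prefix `AIF:Dropped INPUT` is assumed from the wording quoted in this thread, the interface list passed in is hypothetical, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: which interfaces are hitting the catch-all INPUT rule
# but are not in the firewall's configured interface list?
# Live use (assumption): dmesg | unconfigured_ifaces "eth0"

# Constructed sample kernel-log lines (not real output).
sample_log() {
cat <<'EOF'
[  100.500000] wlan0: associated
[  101.000001] AIF:Dropped INPUT packet: IN=tun0 OUT= MAC= SRC=10.8.0.1 DST=10.8.0.6 LEN=60 PROTO=TCP SPT=44321 DPT=22
[  101.200002] AIF:Dropped INPUT packet: IN=wlan0 OUT= MAC= SRC=192.168.1.20 DST=192.168.1.255 LEN=78 PROTO=UDP SPT=137 DPT=137
[  102.000003] AIF:Dropped INPUT packet: IN=tun0 OUT= MAC= SRC=10.8.0.1 DST=10.8.0.6 LEN=60 PROTO=TCP SPT=44322 DPT=22
[  103.000004] AIF:Dropped INPUT packet: IN=eth0 OUT= MAC= SRC=203.0.113.9 DST=198.51.100.4 LEN=40 PROTO=47
EOF
}

# $1    : space-separated interfaces the firewall is configured for (hypothetical)
# stdin : kernel log lines
# stdout: "<interface> <count>" per interface seen on the catch-all rule
#         that is absent from $1, sorted by interface name
unconfigured_ifaces() {
    awk -v known="$1" '
        BEGIN {
            n = split(known, k, " ")
            for (i = 1; i <= n; i++) cfg[k[i]] = 1
        }
        /AIF:Dropped INPUT/ {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^IN=/) {
                    ifc = substr($i, 4)          # text after "IN="
                    if (ifc != "" && !(ifc in cfg)) hits[ifc]++
                }
            }
        }
        END { for (ifc in hits) print ifc, hits[ifc] }
    ' | sort
}
```

An interface that is configured but still appears on the catch-all rule (here `eth0`) is deliberately not reported; the output only names interfaces the configuration does not cover.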
oh, makes so much sense... I will try to remember that. Maybe LOG could state that, e.g. `AIF:Dropped INPUT (check config) packet:` or alike? But overall I think the issue is resolved and someone might find an answer here ;)
I have a Debian laptop with
and needed to monitor `dmesg --follow` but it was flooded, decided to disable logging, so I set all `LOG=` targets found in config to 0
```shell
bilena# git grep LOG=
firewall.conf:# Note: To enable logging of dropped private addresses set RESERVED_NET_LOG=1
firewall.conf:BLOCKED_HOST_LOG=0
firewall.conf:SCAN_LOG=0
firewall.conf:POSSIBLE_SCAN_LOG=0
firewall.conf:INVALID_TCP_LOG=0
firewall.conf:INVALID_UDP_LOG=0
firewall.conf:INVALID_ICMP_LOG=0
firewall.conf:RESERVED_NET_LOG=0
firewall.conf:INET_OUTPUT_DENY_LOG=0
firewall.conf:LAN_OUTPUT_DENY_LOG=0
firewall.conf:LAN_INPUT_DENY_LOG=0
firewall.conf:DMZ_OUTPUT_DENY_LOG=0
firewall.conf:DMZ_INPUT_DENY_LOG=0
firewall.conf:FORWARD_DROP_LOG=0
firewall.conf:LINK_LOCAL_DROP_LOG=0
firewall.conf:ICMP_REQUEST_LOG=0
firewall.conf:ICMP_OTHER_LOG=0
firewall.conf:PRIV_TCP_LOG=0
firewall.conf:PRIV_UDP_LOG=0
firewall.conf:UNPRIV_TCP_LOG=0
firewall.conf:UNPRIV_UDP_LOG=0
firewall.conf:IGMP_LOG=0
firewall.conf:OTHER_IP_LOG=0
firewall.conf:ICMP_FLOOD_LOG=0
firewall.conf:BROADCAST_TCP_NOLOG=""
firewall.conf:#BROADCAST_UDP_NOLOG="67 68"
firewall.conf:HOST_DENY_TCP_NOLOG=""
firewall.conf:HOST_DENY_UDP_NOLOG=""
firewall.conf:HOST_DENY_IP_NOLOG=""
firewall.conf:HOST_DENY_ICMP_NOLOG=""
firewall.conf:HOST_REJECT_TCP_NOLOG=""
firewall.conf:HOST_REJECT_UDP_NOLOG=""
firewall.conf:DENY_TCP_NOLOG=""
firewall.conf:DENY_UDP_NOLOG=""
firewall.conf:REJECT_TCP_NOLOG=""
firewall.conf:REJECT_UDP_NOLOG=""
plugins/mac-address-filter.conf:MAC_ADDRESS_LOG=0
plugins/parasitic-net.conf:PARASITIC_NET_DENY_LOG=0
plugins/pptp-vpn.conf:PPTP_VPN_DENY_LOG=0
```

But I still have one last LOG left -- it seems there is no variable for it in the config? Or that `OTHER_IP_LOG` is not in effect?