Re: [SLE] SuSEfirewall2 logging
From: David Krider (david_at_davidkrider.com)
To: email@example.com Date: 13 Sep 2003 17:26:18 -0500
On Fri, 2003-09-12 at 18:40, Carlos E. R. wrote:
> The 03.09.12 at 13:53, David Krider wrote:
> > > FW_LOG_ACCEPT_CRIT="yes"
> > > FW_LOG_ACCEPT_ALL="no"
> > I was afraid of this. Both of these entries are set to no in my config
> > file, yet I continue to get the reports in my log. Any other ideas?
> On a machine I set up for a friend, I discovered I was adjusting
> susefirewall2, and he was using the other one, because it was setup
> automatically by yast after changing something on the network setup.
I have stopped and restarted this thing many times in trying to sort
this out. That alleviates one response. I haven't run SuSEconfig in any
of this, so that should rule out the /etc/sysconfig/SuSEfirewall2 script
getting rewritten on the fly.
I use the following two rules in FW_FORWARD to get NFS passed between my
DMZ and my internal network:
The interesting thing to me is that the only thing that I keep getting
FW-ACCEPT messages for are the responses from port 800 in my DMZ back to
my internal network. They always look like this:
Sep 13 17:21:39 reliant kernel: SuSE-FW-ACCEPT IN=eth1 OUT=eth0
SRC=192.168.1.2 DST=192.168.4.200 LEN=148 TOS=0x00 PREC=0x00 TTL=63
ID=30811 DF PROTO=UDP SPT=2049 DPT=800 LEN=128
My guess is that this has something to do with the fact that it's UDP
traffic, or that it's a low port, but I also have this rule for printing
And I never get any messages about that one. I also do NOT get the
messages when I access the NFS share from the firewall. This is being
taken care of here:
Again, anyone know why I'd get those messages for that one rule, and not
the others? Perhaps I should send this to the maintainer of
-- Check the headers for your unsubscription address For additional commands send e-mail to firstname.lastname@example.org Also check the archives at http://lists.suse.com Please read the FAQs: email@example.com