With a update to the klogd package (or perhaps it was an
update to the netbase package which contains ipchains, I
started getting the following log messages written to my console (in
addition to /var/log/syslog and in dmesg!):
Packet log: input DENY ppp0 PROTO=88 125.83.4.1:65535 224.0.0.10:65535
L=60 S=0xC0 I=0 F=0x0000 T=2 (#11)
|
These packets are coming from actdial.togaware.com (125.83.4.1--my
connection to the internet) and their CISCO router sending regular
EIGRP (PROTO=88) packets. Nothing untoward about this but for some
reason the log messages were appearing on the consoles! Every 4
seconds!
Looking at the current ipchains rules we see rule 11 is the
default catch-all:
DENY all ----l- anywhere anywhere n/a
|
With the following ipchains command the log messages are stopped:
# ipchains -I input 11 -i ppp0 -d 224.0.0.10 -j DENY
|
So that rules 11 and 12 of the input chain are now:
DENY all ------ anywhere IGRP-ROUTERS.MCAST.NET n/a
DENY all ----l- anywhere anywhere n/a
|
Note that you can save the current rules using:
# /etc/init.d/ipchains save
|
which places the saved rules into /etc/ipchains.save. Load
them in again with:
# /etc/init.d/ipchains load
|
It seems to be okay to flush the old ones when asked.
Unfortunately, this rule is lost each time ppp restarts!
But the actual problem has been found: The log messages have a log
level of less than 7, meaning they are more than debug messages. The
klogd logger will display messages with a log level less than
7 to the console! This is ``fixed'' by changing, in the file
/etc/init.d/klogd the line that says:
to
The messages are now gone from the console, but still remain in
dmesg and /var/log/syslog. Indeed,
/var/log/syslog gets filled with these so it still may be
best to turn them off with the ipchains rule.
Copyright © 1995-2006 [email protected]
|