Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com
Answertopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

IPCHAINS


With a update to the klogd package (or perhaps it was an update to the netbase package which contains ipchains, I started getting the following log messages written to my console (in addition to /var/log/syslog and in dmesg!):



  Packet log: input DENY ppp0 PROTO=88 125.83.4.1:65535 224.0.0.10:65535 
              L=60 S=0xC0 I=0 F=0x0000 T=2 (#11)

These packets are coming from actdial.togaware.com (125.83.4.1--my connection to the internet) and their CISCO router sending regular EIGRP (PROTO=88) packets. Nothing untoward about this but for some reason the log messages were appearing on the consoles! Every 4 seconds!

Looking at the current ipchains rules we see rule 11 is the default catch-all:



DENY       all  ----l-  anywhere             anywhere              n/a

With the following ipchains command the log messages are stopped:



  # ipchains -I input 11 -i ppp0 -d 224.0.0.10 -j DENY

So that rules 11 and 12 of the input chain are now:



DENY       all  ------  anywhere             IGRP-ROUTERS.MCAST.NET  n/a
DENY       all  ----l-  anywhere             anywhere              n/a

Note that you can save the current rules using:



  # /etc/init.d/ipchains save

which places the saved rules into /etc/ipchains.save. Load them in again with:



  # /etc/init.d/ipchains load

It seems to be okay to flush the old ones when asked.

Unfortunately, this rule is lost each time ppp restarts!

But the actual problem has been found: The log messages have a log level of less than 7, meaning they are more than debug messages. The klogd logger will display messages with a log level less than 7 to the console! This is ``fixed'' by changing, in the file /etc/init.d/klogd the line that says:



  KLOGD=""

to



  KLOGD="-c 5"

The messages are now gone from the console, but still remain in dmesg and /var/log/syslog. Indeed, /var/log/syslog gets filled with these so it still may be best to turn them off with the ipchains rule.

Copyright © 1995-2006 [email protected]

 
 
  Published under the terms fo the GNU General Public License Design by Interspire