Avoid filling up syslog with useless firewall messages

Write tutorials here
There are more tutorials here http://community.linuxmint.com/tutorial/welcome
Forum rules
Please don't add support questions to tutorials,start your own thread in the appropriate sub-forum instead. Before you post please read this

Avoid filling up syslog with useless firewall messages

Postby xenopeek on Sun Sep 02, 2012 4:25 pm

When using UFW (the default firewall for all Linux Mint editions except for LMDE) your /var/log/syslog can quickly fill up with useless firewall messages such as the following (this is one line, but wrapped in output here):
Sep 2 21:42:47 machine kernel: [45908.536890] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC= DST= LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=40487 PROTO=2

On my machine this is logged every two minutes, making it harder to find messages of actual importance in the syslog. The clue of this message is highlighted in red; it is just your router trying to discover what machines on the network support multicast (see Wikipedia).

It is harmless traffic, but if you prefer to keep your syslog clear of this you can do so by adding a rule to UFW:
Code: Select all
sudo ufw deny in to

This is only useful if you have enabled UFW. You can check the status of UFW:
Code: Select all
sudo ufw status verbose

It should report similar as below highlighted in red:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip

To Action From
-- ------ ---- DENY IN Anywhere
User avatar
Level 23
Level 23
Posts: 18181
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Linux Mint is funded by ads and donations.

Return to Tutorials

Who is online

Users browsing this forum: No registered users and 10 guests