Page 1 of 1

Avoid filling up syslog with useless firewall messages

Posted: Sun Sep 02, 2012 4:25 pm
by xenopeek
When using UFW (the default firewall for all Linux Mint editions except for LMDE) your /var/log/syslog can quickly fill up with useless firewall messages such as the following (this is one line, but wrapped in output here):
Sep 2 21:42:47 machine kernel: [45908.536890] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=192.168.1.254 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=40487 PROTO=2
On my machine this is logged every two minutes, making it harder to find messages of actual importance in the syslog. The clue of this message is highlighted in red; it is just your router trying to discover what machines on the network support multicast (see Wikipedia).

It is harmless traffic, but if you prefer to keep your syslog clear of this you can do so by adding a rule to UFW:

Code: Select all

sudo ufw deny in to 224.0.0.1
This is only useful if you have enabled UFW. You can check the status of UFW:

Code: Select all

sudo ufw status verbose
It should report similar as below highlighted in red:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip

To Action From
-- ------ ----
224.0.0.1 DENY IN Anywhere

Re: Avoid filling up syslog with useless firewall messages

Posted: Sat Oct 17, 2020 3:45 pm
by blueicetwice
Tanks for the tip Zenopeek. Rule added to firewall.