Avoid filling up syslog with useless firewall messages

Write tutorials here
There are more tutorials here http://community.linuxmint.com/tutorial/welcome
Forum rules
Please don't add support questions to tutorials,start your own thread in the appropriate sub-forum instead. Before you post please read this
User avatar
xenopeek
Level 23
Level 23
Posts: 19252
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Avoid filling up syslog with useless firewall messages

Postby xenopeek » Sun Sep 02, 2012 4:25 pm

When using UFW (the default firewall for all Linux Mint editions except for LMDE) your /var/log/syslog can quickly fill up with useless firewall messages such as the following (this is one line, but wrapped in output here):
Sep 2 21:42:47 machine kernel: [45908.536890] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=192.168.1.254 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=40487 PROTO=2

On my machine this is logged every two minutes, making it harder to find messages of actual importance in the syslog. The clue of this message is highlighted in red; it is just your router trying to discover what machines on the network support multicast (see Wikipedia).

It is harmless traffic, but if you prefer to keep your syslog clear of this you can do so by adding a rule to UFW:

Code: Select all

sudo ufw deny in to 224.0.0.1

This is only useful if you have enabled UFW. You can check the status of UFW:

Code: Select all

sudo ufw status verbose

It should report similar as below highlighted in red:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip

To Action From
-- ------ ----
224.0.0.1 DENY IN Anywhere
Image

Return to “Tutorials”

Who is online

Users browsing this forum: No registered users and 4 guests