Avoid filling up syslog with useless firewall messages

Post by xenopeek »

When using UFW (the default firewall for all Linux Mint editions except for LMDE) your /var/log/syslog can quickly fill up with useless firewall messages such as the following (this is one line, but wrapped in output here):
Sep 2 21:42:47 machine kernel: [45908.536890] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC= DST= LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=40487 PROTO=2
On my machine this is logged every two minutes, making it harder to find messages of actual importance in the syslog. The clue of this message is highlighted in red; it is just your router trying to discover what machines on the network support multicast (see Wikipedia).

It is harmless traffic, but if you prefer to keep your syslog clear of this you can do so by adding a rule to UFW:

Code:

sudo ufw deny in to
This is only useful if you have enabled UFW. You can check the status of UFW:

Code:

sudo ufw status verbose
It should report something similar to the below, highlighted in red:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip

To    Action     From
--    ------     ----
      DENY IN    Anywhere
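
To see which blocked traffic is actually producing the noise before adding a rule like the one in the post above, the [UFW BLOCK] entries can be grouped and counted. This is an added example, not part of the original post; the sample log lines, the function names and the 50% threshold are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in the log format quoted in the post. The IGMP lines keep
# SRC/DST blank as quoted there; the TCP line uses documentation addresses.
SAMPLE_SYSLOG = """\
Sep 2 21:40:47 machine kernel: [45788.536890] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC= DST= LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=40486 PROTO=2
Sep 2 21:41:03 machine kernel: [45804.112233] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1234 DF PROTO=TCP SPT=51514 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Sep 2 21:41:10 machine CRON[4242]: (root) CMD (run-parts /etc/cron.hourly)
Sep 2 21:42:47 machine kernel: [45908.536890] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC= DST= LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=40487 PROTO=2
Sep 2 21:44:47 machine kernel: [46028.536890] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC= DST= LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=40488 PROTO=2
"""

FIELD = re.compile(r"(\w+)=(\S*)")
PROTO_NAMES = {"2": "IGMP"}  # the kernel logs some protocols by IANA number

def parse_ufw_block(line):
    """Return the KEY=value fields of a [UFW BLOCK] line, or None for other lines."""
    marker = "[UFW BLOCK]"
    pos = line.find(marker)
    if pos == -1:
        return None
    return dict(FIELD.findall(line[pos + len(marker):]))

def summarize(text):
    """Count block entries per (interface, protocol, destination, dest port)."""
    counts = Counter()
    for line in text.splitlines():
        fields = parse_ufw_block(line)
        if fields is None:
            continue
        proto = fields.get("PROTO", "?")
        counts[(
            fields.get("IN") or "-",
            PROTO_NAMES.get(proto, proto),
            fields.get("DST") or "-",  # "-" when the field is blank
            fields.get("DPT") or "-",  # "-" for protocols without ports
        )] += 1
    return counts

def noisy(counts, min_share=0.5):
    """Return the groups that account for at least min_share of all block entries."""
    total = sum(counts.values())
    return [k for k, n in counts.most_common() if n / total >= min_share]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_SYSLOG).most_common():
        print(n, *key)
```

On a real system, pass the contents of /var/log/syslog to `summarize()` instead of the sample string.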
Re: Avoid filling up syslog with useless firewall messages

Post by blueicetwice »

Thanks for the tip, xenopeek. Rule added to firewall.