GNU/Linux Desktop Survival Guide
by Graham Williams
IPCHAINS
With an update to the klogd package (or perhaps it was an update to the netbase package, which contains ipchains), I started getting the following log messages written to my console (in addition to /var/log/syslog and dmesg!):
Packet log: input DENY ppp0 PROTO=88 125.83.4.1:65535 224.0.0.10:65535 L=60 S=0xC0 I=0 F=0x0000 T=2 (#11)
These packets are coming from actdial.togaware.com (125.83.4.1, my connection to the internet) and their CISCO router sending regular EIGRP (PROTO=88) packets. There is nothing untoward about this, but for some reason the log messages were appearing on the consoles! Every 4 seconds!
Looking at the current ipchains rules we see rule 11 is the default catch-all:
DENY all ----l- anywhere anywhere n/a
With the following ipchains command the log messages are stopped:
# ipchains -I input 11 -i ppp0 -d 224.0.0.10 -j DENY
So that rules 11 and 12 of the input chain are now:
DENY all ------ anywhere IGRP-ROUTERS.MCAST.NET n/a
DENY all ----l- anywhere anywhere n/a
Note that you can save the current rules using:
# /etc/init.d/ipchains save
which places the saved rules into /etc/ipchains.save. Load them in again with:
# /etc/init.d/ipchains load
It seems to be okay to flush the old ones when asked.
Unfortunately, this rule is lost each time ppp restarts!
But the actual problem has been found: the log messages have a log level of less than 7, meaning they are more than debug messages. The klogd logger will display messages with a log level less than 7 to the console! This is “fixed” by changing, in the file /etc/init.d/klogd, the line that says:
KLOGD=""
to
KLOGD="-c 5"
The messages are now gone from the console, but still remain in dmesg and /var/log/syslog. Indeed, /var/log/syslog gets filled with these so it still may be best to turn them off with the ipchains rule.
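An added example (not part of the original guide): a small Python parser for the packet-log format shown above. It counts which flows are filling /var/log/syslog and formats a non-logging DENY rule of the same form as the one used on this page. The function names, timestamps, host name and the PROTO=17 sample line are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Field layout of an ipchains "Packet log:" line, taken from the sample on this page.
PACKET_LOG = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ipid>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+) \(#(?P<rule>\d+)\)"
)
INT_FIELDS = ("proto", "sport", "dport", "length", "ipid", "ttl", "rule")

def parse_line(line):
    """Return the fields of a packet-log line as a dict, or None for any other line."""
    m = PACKET_LOG.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec.update({k: int(rec[k]) for k in INT_FIELDS})
    return rec

def noisy_flows(lines):
    """Count logged packets per (chain, rule, iface, proto, dst), busiest first."""
    counts = Counter()
    for rec in filter(None, map(parse_line, lines)):
        counts[(rec["chain"], rec["rule"], rec["iface"], rec["proto"], rec["dst"])] += 1
    return counts.most_common()

def quiet_rule(flow):
    """Format a non-logging DENY rule of the form used on this page for one flow."""
    chain, rule, iface, _proto, dst = flow
    return f"ipchains -I {chain} {rule} -i {iface} -d {dst} -j DENY"

# Constructed syslog excerpt: timestamps, host name and the PROTO=17 line are made up;
# the PROTO=88 payload is the line quoted on this page.
EIGRP = ("Packet log: input DENY ppp0 PROTO=88 125.83.4.1:65535 224.0.0.10:65535 "
         "L=60 S=0xC0 I=0 F=0x0000 T=2 (#11)")
SAMPLE = [
    f"Jan  1 00:00:00 host kernel: {EIGRP}",
    f"Jan  1 00:00:04 host kernel: {EIGRP}",
    "Jan  1 00:00:05 host kernel: Packet log: input DENY ppp0 PROTO=17 "
    "192.0.2.7:1042 198.51.100.9:137 L=78 S=0x00 I=4711 F=0x0000 T=52 (#11)",
    "Jan  1 00:00:06 host pppd[312]: unrelated line",
    f"Jan  1 00:00:08 host kernel: {EIGRP}",
]

if __name__ == "__main__":
    for flow, hits in noisy_flows(SAMPLE):
        print(hits, flow, "->", quiet_rule(flow))
```

Review each generated command before running it: a destination-only DENY rule silences every logged packet to that address, and the rule number reported in the log shifts by one once a rule is inserted ahead of the catch-all.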