[PLUG] Testing iptables rules

Charles Sliger chaz at bctonline.com
Mon Mar 6 17:46:22 UTC 2006


-----Original Message-----
From: plug-bounces at lists.pdxlinux.org
[mailto:plug-bounces at lists.pdxlinux.org] On Behalf Of
plug_0 at robinson-west.com
Sent: Saturday, March 04, 2006 2:41 PM
To: General Linux/UNIX discussion and help; civil and on-topic
Subject: RE: [PLUG] Testing iptables rules

Quoting Charles Sliger <chaz at bctonline.com>:
> -----Original Message-----
> From: plug-bounces at lists.pdxlinux.org
> [mailto:plug-bounces at lists.pdxlinux.org] On Behalf Of
> plug_0 at robinson-west.com
> Sent: Wednesday, March 01, 2006 9:31 PM
> To: General Linux/UNIX discussion and help; civil and on-topic
> Subject: Re: [PLUG] Testing iptables rules
> 
> Using iptables -A INPUT -j LOG --log-prefix="...: " seems to help.  
> Except for one major headache on my Fedora Core 3 system, undesired 
> logging to the console.  Nothing like trying to vim in one Xterm 
> while you watch /var/log/messages on another only to have the 
> messages muddy up your editing window.  I could use good 
> documentation on how to prevent logging to the screen for 
> Redhat and Fedora systems.  I don't know if this happens a lot 
> because of bugs or if there is a simple change that can be done 
> to syslog.conf.  Maybe the kernel logger is to blame, but where 
> is the kernel logger's config file???  This problem doesn't seem
> to really be distro specific.
> 
> -------------------------------------------------
> This mail sent through IMP: http://horde.org/imp/
> _______________________________________________
> 
> [chaz> ] Mike,
> Yes, klogd is the culprit.  Make the following config change:
> 
> /etc/sysconfig/syslog
> 	KLOGD_OPTIONS="-x -c 3"
> Sets the default console log level to 3 (ERR).
> This stops iptables log messages from being displayed on the console.
> Regards,
> Chaz
> Charles L. Sliger,  Information Systems Engineer,  chaz at bctonline.com
> "No matter where you go, there you are..."
> _______________________________________________

Looked at klogd man page, says that the definition of the error
levels is in kernel.h.  Well, these aren't under 
/usr/include/linux/kernel.h on my Redhat 7.3 system.
Odd.

I could just say anything higher than level 3 and call it good...

Michael C. Robinson

-------------------------------------------------


[chaz> ] 
I'm not that familiar with RH-7.3.
It might be substantially different from RH-9 or CentOS 4.2.
I'd still suspect klogd though...
-chaz
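
The console log level comparison discussed in this thread, as an added example that is not part of the original messages. The level numbers are the kernel's standard 0-7 scale; the function names are hypothetical, the /proc/sys/kernel/printk sample is constructed, and the iptables LOG target is assumed to use its default --log-level of warning (4).

```shell
# Added illustration: kernel log levels and the console_loglevel comparison.

# Map a numeric kernel log level (0-7) to its syslog-style name.
level_name() {
    case "$1" in
        0) echo emerg ;;
        1) echo alert ;;
        2) echo crit ;;
        3) echo err ;;
        4) echo warning ;;
        5) echo notice ;;
        6) echo info ;;
        7) echo debug ;;
        *) echo unknown; return 1 ;;
    esac
}

# The kernel prints a message on the console only when its level is
# numerically lower (more severe) than console_loglevel.
reaches_console() {   # usage: reaches_console MSG_LEVEL CONSOLE_LOGLEVEL
    [ "$1" -lt "$2" ]
}

# The first field of /proc/sys/kernel/printk is the current console_loglevel.
console_loglevel_from() {   # usage: console_loglevel_from "7 4 1 7"
    set -- $1
    echo "$1"
}

report() {   # usage: report MSG_LEVEL CONSOLE_LOGLEVEL
    if reaches_console "$1" "$2"; then verdict="shown on console"
    else verdict="not shown on console"; fi
    echo "level $1 ($(level_name "$1")) with console_loglevel $2: $verdict"
}

IPT_LEVEL=4                  # assumed: iptables LOG default --log-level (warning)
SAMPLE_PRINTK="7 4 1 7"      # constructed sample of /proc/sys/kernel/printk
report "$IPT_LEVEL" "$(console_loglevel_from "$SAMPLE_PRINTK")"
report "$IPT_LEVEL" 3        # the value set by klogd -c 3
# On a live system, also compare against the real value when it is readable.
if [ -r /proc/sys/kernel/printk ]; then
    report "$IPT_LEVEL" "$(console_loglevel_from "$(cat /proc/sys/kernel/printk)")"
fi
```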




