[Tfug] Muting Firewall Kernel Log Messages
John Gruenenfelder
jetpackjohn at gmail.com
Mon Oct 22 01:14:14 MST 2012
Greetings,
Until recently I did not have any sort of firewall on my laptop, even
an extremely basic one. I didn't think it was particularly important
since I am not running anything that can be remotely accessed except
SSH. For completeness sake, though, I decided to install the Debian
uif package which makes creating even a moderately complex firewall
very easy. My needs were simpler still, so setting it up wasn't a
problem.
Now, however, just having *a* firewall in place results in a number of
additional issues being logged. In particular, I seem to get the
following at a rate of perhaps 15-20 per hour, with at least 95% on
port 443 and the remainder on port 80:
[160984.126015] FW INVALID STATE: IN=wlan0 OUT= MAC=wlan0-MAC-addr
SRC=74.125.224.164 DST=192.168.1.130 LEN=40 TOS=0x00 PREC=0x00 TTL=55
ID=52826 PROTO=TCP SPT=443 DPT=36285 WINDOW=0 RES=0x00 RST URGP=0
I'm not entirely sure what is causing this, but the only port 443
connection that I have up virtually all the time is a browser tab for
GMail. Looking at the SRC addresses shows that they come from a number
of locations. Usually the same SRC will cause several messages in a
row, then another IP for a few messages, then another, and so on.
I'm not really concerned about this, rather I'm more interested, as
the subject says, in finding a method to mute these things. I often
peer at the 'dmesg' output looking for various actual errors or status
messages and these things are clogging up the output.
Any ideas on how to mute them, or ideas on how to actually correct
what is causing them so they go away in the "proper" manner? Thanks!
--John Gruenenfelder Systems Manager, MKS Imaging Technology, LLC.
Try Weasel Reader for Palm OS -- http://weaselreader.org
"This is the most fun I've had without being drenched in the blood
of my enemies!"
--Sam of Sam & Max
More information about the tfug
mailing list