A weird thing happend today, I was checking my logcheck emails and at some point in time during the day a bunch of lines like the ones below started to appear. I logged in on lish and there were hundreds of them.

IN-internet:IN=eth0 OUT= MAC=fe:fd:43:12:b0:3a:00:03:6b:52:10:c2:08:00 SRC=70.249.189.176 DST=70.85.31.14 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=30315 DF PROTO=TCP SPT=4890 DPT=445 WINDOW=64240 RES=0x00 SYN URGP=0
IN-internet:IN=eth0 OUT= MAC=fe:fd:43:12:b0:3a:00:03:6b:52:10:c2:08:00 SRC=65.95.247.160 DST=67.18.176.58 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=41305 DF PROTO=TCP SPT=4567 DPT=135 WINDOW=16384 RES=0x00 SYN URGP=0

Does anyone know how I can get rid of this?

These are firewall logs. Have you recently installed firehol or some other firewall script?

Michael

Those are from your iptable rules. Not sure of a way to get rid of them.

-Chris

I installed firehol, is that is what is writing it to the console?

It used to run on my server before I upgraded to Debain 3.1 and it didn't do this with the previous version of debian.

I'm not familliar with firehol as I've never used it but you /should/ be able to tell it to tell iptables to log to ulogd or syslog rather then the console. If it is already sending logging to syslog, syslog may be the one dumping it to the console.

Michael

Thanks for your help,

I looked at the documentation and told firehol to only log error messages, not every packet that it recieves and as far as I know it's logging it to a log file, not to the console, but only time will tell

- Robbert

Try adding this to your /etc/firehol/firehol.conf file:

FIREHOL_LOG_MODE="ULOG"

Making sure you have ulogd installed of course. Upon restart of firehol my console was free of these messages.