forked from extern/shorewall_code
Improve answer to FAQ 16
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1084 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep
parent
8daac8c200
commit
c11a1f6b95
@ -17,7 +17,7 @@
|
|||||||
</author>
|
</author>
|
||||||
</authorgroup>
|
</authorgroup>
|
||||||
|
|
||||||
<pubdate>2004-01-09</pubdate>
|
<pubdate>2004-01-20</pubdate>
|
||||||
|
|
||||||
<copyright>
|
<copyright>
|
||||||
<year>2001-2004</year>
|
<year>2001-2004</year>
|
||||||
@ -984,11 +984,43 @@ run_iptables -A common -p udp --sport 53 -mstate --state NEW -j DROP</programlis
|
|||||||
|
|
||||||
<para><emphasis role="bold">Answer:</emphasis> If you are running
|
<para><emphasis role="bold">Answer:</emphasis> If you are running
|
||||||
Shorewall version 1.4.4 or 1.4.4a then check the <ulink url="errata.htm">errata</ulink>.
|
Shorewall version 1.4.4 or 1.4.4a then check the <ulink url="errata.htm">errata</ulink>.
|
||||||
Otherwise, see the <quote>dmesg</quote> man page (<quote>man dmesg</quote>).
|
Otherwise:</para>
|
||||||
You must add a suitable <quote>dmesg</quote> command to your startup
|
|
||||||
scripts or place it in /etc/shorewall/start. Under RedHat, the max log
|
<itemizedlist>
|
||||||
level that is sent to the console is specified in /etc/sysconfig/init in
|
<listitem>
|
||||||
the LOGLEVEL variable.</para>
|
<para>Find where klogd is being started (it will be from one of the
|
||||||
|
files in /etc/init.d -- sysklogd, klogd, ...). Modify that file or
|
||||||
|
the appropriate configuration file so that klogd is started with
|
||||||
|
<quote>-c <emphasis><n></emphasis></quote> where
|
||||||
|
<emphasis><n></emphasis> is a log level of 5 or less; or</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>See the <quote>dmesg</quote> man page (<quote>man dmesg</quote>).
|
||||||
|
You must add a suitable <quote>dmesg</quote> command to your startup
|
||||||
|
scripts or place it in /etc/shorewall/start.</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
|
||||||
|
<tip>
|
||||||
|
<para>Under RedHat and Mandrake, the max <ulink
|
||||||
|
url="shorewall_logging.html">log level</ulink> that is sent to the
|
||||||
|
console is specified in /etc/sysconfig/init in the LOGLEVEL variable.
|
||||||
|
Set <quote>LOGLEVEL=5</quote> to suppress info (log level 6) messages
|
||||||
|
on the console.</para>
|
||||||
|
</tip>
|
||||||
|
|
||||||
|
<tip>
|
||||||
|
<para>Under Debian, you can set KLOGD=<quote>-c 5</quote> in
|
||||||
|
/etc/init.d/klogd to suppress info (log level 6) messages on the
|
||||||
|
console.</para>
|
||||||
|
</tip>
|
||||||
|
|
||||||
|
<tip>
|
||||||
|
<para>Under SuSE, add <quote>-c 5</quote> to KLOGD_PARAMS in
|
||||||
|
/etc/sysconfig/syslog to suppress info (log level 6) messages on the
|
||||||
|
console.</para>
|
||||||
|
</tip>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section id="faq17">
|
<section id="faq17">
|
||||||
@ -1089,7 +1121,7 @@ run_iptables -A common -p udp --sport 53 -mstate --state NEW -j DROP</programlis
|
|||||||
is not part of any current connection yet it is not a syn packet.
|
is not part of any current connection yet it is not a syn packet.
|
||||||
Options affecting the logging of such packets include <emphasis
|
Options affecting the logging of such packets include <emphasis
|
||||||
role="bold">NEWNOTSYN</emphasis> and <emphasis role="bold">LOGNEWNOTSYN</emphasis>
|
role="bold">NEWNOTSYN</emphasis> and <emphasis role="bold">LOGNEWNOTSYN</emphasis>
|
||||||
in <ulink url="ocumentation.htm#Conf">/etc/shorewall/shorewall.conf</ulink>.</para>
|
in <ulink url="Documentation.htm#Conf">/etc/shorewall/shorewall.conf</ulink>.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
@ -1877,7 +1909,9 @@ Creating input Chains...
|
|||||||
<appendix>
|
<appendix>
|
||||||
<title>Revision History</title>
|
<title>Revision History</title>
|
||||||
|
|
||||||
<para><revhistory><revision><revnumber>1.10</revnumber><date>2004-01-09</date><authorinitials>TE</authorinitials><revremark>Added
|
<para><revhistory><revision><revnumber>1.12</revnumber><date>2004-01-20</date><authorinitials>TE</authorinitials><revremark>Improve
|
||||||
|
FAQ 16 answer.</revremark></revision><revision><revnumber>1.11</revnumber><date>2004-01-14</date><authorinitials>TE</authorinitials><revremark>Corrected
|
||||||
|
broken link</revremark></revision><revision><revnumber>1.10</revnumber><date>2004-01-09</date><authorinitials>TE</authorinitials><revremark>Added
|
||||||
a couple of more legacy FAQ numbers.</revremark></revision><revision><revnumber>1.9</revnumber><date>2004-01-08</date><authorinitials>TE</authorinitials><revremark>Corrected
|
a couple of more legacy FAQ numbers.</revremark></revision><revision><revnumber>1.9</revnumber><date>2004-01-08</date><authorinitials>TE</authorinitials><revremark>Corrected
|
||||||
typo in FAQ 26a. Added warning to FAQ 2 regarding source address of
|
typo in FAQ 26a. Added warning to FAQ 2 regarding source address of
|
||||||
redirected requests.</revremark></revision><revision><revnumber>1.8</revnumber><date>2003-12-31</date><authorinitials>TE</authorinitials><revremark>Additions
|
redirected requests.</revremark></revision><revision><revnumber>1.8</revnumber><date>2003-12-31</date><authorinitials>TE</authorinitials><revremark>Additions
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user