holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Improve answer to FAQ 16

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1084 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2004-01-20 20:06:57 +00:00
parent 8daac8c200
commit c11a1f6b95
1 changed files with 42 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
Shorewall-docs/FAQ.xml
View File

@ -17,7 +17,7 @@
</author>
</authorgroup>
<pubdate>2004-01-09</pubdate>
<pubdate>2004-01-20</pubdate>
<copyright>
<year>2001-2004</year>
@ -984,11 +984,43 @@ run_iptables -A common -p udp --sport 53 -mstate --state NEW -j DROP</programlis
<para><emphasis role="bold">Answer:</emphasis> If you are running
Shorewall version 1.4.4 or 1.4.4a then check the <ulink url="errata.htm">errata</ulink>.
Otherwise, see the <quote>dmesg</quote> man page (<quote>man dmesg</quote>).
You must add a suitable <quote>dmesg</quote> command to your startup
scripts or place it in /etc/shorewall/start. Under RedHat, the max log
level that is sent to the console is specified in /etc/sysconfig/init in
the LOGLEVEL variable.</para>
Otherwise:</para>
<itemizedlist>
<listitem>
<para>Find where klogd is being started (it will be from one of the
files in /etc/init.d -- sysklogd, klogd, ...). Modify that file or
the appropriate configuration file so that klogd is started with
<quote>-c <emphasis>&#60;n&#62;</emphasis></quote> where
<emphasis>&#60;n&#62;</emphasis> is a log level of 5 or less; or</para>
</listitem>
<listitem>
<para>See the <quote>dmesg</quote> man page (<quote>man dmesg</quote>).
You must add a suitable <quote>dmesg</quote> command to your startup
scripts or place it in /etc/shorewall/start.</para>
</listitem>
</itemizedlist>
<tip>
<para>Under RedHat and Mandrake, the max <ulink
url="shorewall_logging.html">log level</ulink> that is sent to the
console is specified in /etc/sysconfig/init in the LOGLEVEL variable.
Set <quote>LOGLEVEL=5</quote> to suppress info (log level 6) messages
on the console.</para>
</tip>
<tip>
<para>Under Debian, you can set KLOGD=<quote>-c 5</quote> in
/etc/init.d/klogd to suppress info (log level 6) messages on the
console.</para>
</tip>
<tip>
<para>Under SuSE, add <quote>-c 5</quote> to KLOGD_PARAMS in
/etc/sysconfig/syslog to suppress info (log level 6) messages on the
console.</para>
</tip>
</section>
<section id="faq17">
@ -1089,7 +1121,7 @@ run_iptables -A common -p udp --sport 53 -mstate --state NEW -j DROP</programlis
is not part of any current connection yet it is not a syn packet.
Options affecting the logging of such packets include <emphasis
role="bold">NEWNOTSYN</emphasis> and <emphasis role="bold">LOGNEWNOTSYN</emphasis>
in <ulink url="ocumentation.htm#Conf">/etc/shorewall/shorewall.conf</ulink>.</para>
in <ulink url="Documentation.htm#Conf">/etc/shorewall/shorewall.conf</ulink>.</para>
</listitem>
</varlistentry>
@ -1877,7 +1909,9 @@ Creating input Chains...
<appendix>
<title>Revision History</title>
<para><revhistory><revision><revnumber>1.10</revnumber><date>2004-01-09</date><authorinitials>TE</authorinitials><revremark>Added
<para><revhistory><revision><revnumber>1.12</revnumber><date>2004-01-20</date><authorinitials>TE</authorinitials><revremark>Improve
FAQ 16 answer.</revremark></revision><revision><revnumber>1.11</revnumber><date>2004-01-14</date><authorinitials>TE</authorinitials><revremark>Corrected
broken link</revremark></revision><revision><revnumber>1.10</revnumber><date>2004-01-09</date><authorinitials>TE</authorinitials><revremark>Added
a couple of more legacy FAQ numbers.</revremark></revision><revision><revnumber>1.9</revnumber><date>2004-01-08</date><authorinitials>TE</authorinitials><revremark>Corrected
typo in FAQ 26a. Added warning to FAQ 2 regarding source address of
redirected requests.</revremark></revision><revision><revnumber>1.8</revnumber><date>2003-12-31</date><authorinitials>TE</authorinitials><revremark>Additions