var/log/firewall file size increase non stop

acahuzac
08-Jan-2015, 14:32
When I ssh (or ssh -X or ssh -Y) to my Suse SLED11-3 from my Fedora 20 computer, each time I type a character on my Fedora console, this line (or a similar one):

Jan 8 12:19:29 newwind-calc kernel: [74632.467271] SFW2-IN-ACC-EST IN=eth0 OUT= MAC=50:16:7e:37:64:2b:d4:3d:7e:97:0a:bd:08:00 SRC=IP of Fedora Computer DST=10.2.2.253 LEN=52 TOS=0x10 PREC=0x00 TTL=64 ID=24963 DF PROTO=TCP SPT=43767 DPT=22 WINDOW=16465 RES=0x00 ACK URGP=0 OPT (0101080A04654FF4011C02E9)

is appended to the /var/log/firewall file on the Suse computer. The file size is in GB by the end of the day. This bothers me quite a lot...

I tried to find information on "SuSEfirewall2" and tried to add to "/etc/sysconfig/SuSEfirewall2"

FW_TRUSTED_NETS="IP of Fedora Computer"
FW_SERVICES_TRUSTED_TCP="1:65535"
FW_SERVICES_TRUSTED_UDP="1:65535"
FW_ALLOW_INCOMING_HIGHPORTS_TCP="ftp-data" # was: yes
FW_ALLOW_INCOMING_HIGHPORTS_UDP="dns" # was: yes
FW_ALLOW_PING_FW="no" # was: yes
as I saw recommended, I don't remember where. This did not change a thing.

I am not (at all) familiar with firewall configuration. Moreover, I can not access the "Firewall" in Yast. When I click it, nothing happens.

Thank you for your help! I will provide any information missing as needed, but please give me details on how to obtain each piece of information :-)

acahuzac
08-Jan-2015, 14:56
OK! Problem solved!

Had to modify the lines of "/etc/sysconfig/SuSEfirewall2"

FW_LOG_DROP_ALL="yes"
FW_LOG_ACCEPT_ALL="yes"

to

FW_LOG_DROP_ALL="no"
FW_LOG_ACCEPT_ALL="no"

and then restart the firewall:

sudo /sbin/SuSEfirewall2 stop
sudo /sbin/SuSEfirewall2 start

ab
08-Jan-2015, 15:00
On 01/08/2015 06:34 AM, acahuzac wrote:
>
> Code:
> --------------------
> FW_TRUSTED_NETS="IP of Fedora Computer"
> FW_SERVICES_TRUSTED_TCP="1:65535"
> FW_SERVICES_TRUSTED_UDP="1:65535"
> FW_ALLOW_INCOMING_HIGHPORTS_TCP="ftp-data" # was: yes
> FW_ALLOW_INCOMING_HIGHPORTS_UDP="dns" # was: yes
> FW_ALLOW_PING_FW="no" # was: yes
> --------------------
>
> as I saw recommended, I don't remember where. This did not change a thing.

This should really be done from within Yast, which you mentioned...

> I am not (at all) familiar with firewall configuration. Moreover, I can
> not access the "Firewall" in Yast. When I click it, nothing happens.

From the command line try the following:

Code:
--------------------
sudo /sbin/yast firewall
--------------------

Hopefully it works, or at least you can get some output about why things
are not working properly.

> Thank you for your help! I will provide any information missing as
> needed, but please give me details on how to obtain each piece of
> information :-)

To see which rule is causing this log message, run the following:

Code:
--------------------
sudo /usr/sbin/iptables-save | grep SFW2-IN-ACC-EST
--------------------

If that does not return anything somehow (doubtful), try removing the grep
portion and just post all of your iptables rules.

--
Good luck.


mikewillis
08-Jan-2015, 15:21
> OK! Problem solved!
>
> Had to modify the lines of "/etc/sysconfig/SuSEfirewall2"
>
> FW_LOG_DROP_ALL="yes"
> FW_LOG_ACCEPT_ALL="yes"
>
> to
>
> FW_LOG_DROP_ALL="no"
> FW_LOG_ACCEPT_ALL="no"
>
> and then restart the firewall:
>
> sudo /sbin/SuSEfirewall2 stop
> sudo /sbin/SuSEfirewall2 start

For reference, both of those are set to 'no' by default, so they must have been changed to 'yes' on your machine at some point.
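Before flipping the logging switches it helps to see what is actually filling /var/log/firewall. The POSIX shell script below is an added example (not from the thread and not part of SuSEfirewall2) that summarizes lines in the SFW2 log format shown above by tag, protocol and destination port, and by source address; the sample log lines are constructed and the addresses 192.0.2.10 and 198.51.100.7 are documentation placeholders.

```shell
#!/bin/sh
# Constructed sample in the SuSEfirewall2 (SFW2-*) log line format.
# Three accepted-established SSH packets from one peer, one default drop.
SAMPLE_LOG='Jan  8 12:19:29 host kernel: [74632.467271] SFW2-IN-ACC-EST IN=eth0 OUT= MAC=50:16:7e:37:64:2b:d4:3d:7e:97:0a:bd:08:00 SRC=192.0.2.10 DST=10.2.2.253 LEN=52 TOS=0x10 PREC=0x00 TTL=64 ID=24963 DF PROTO=TCP SPT=43767 DPT=22 WINDOW=16465 RES=0x00 ACK URGP=0
Jan  8 12:19:30 host kernel: [74633.100000] SFW2-IN-ACC-EST IN=eth0 OUT= MAC=00 SRC=192.0.2.10 DST=10.2.2.253 LEN=52 PROTO=TCP SPT=43767 DPT=22 ACK
Jan  8 12:19:31 host kernel: [74634.200000] SFW2-IN-ACC-EST IN=eth0 OUT= MAC=00 SRC=192.0.2.10 DST=10.2.2.253 LEN=52 PROTO=TCP SPT=43767 DPT=22 ACK
Jan  8 12:20:05 host kernel: [74668.300000] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00 SRC=198.51.100.7 DST=10.2.2.253 LEN=40 PROTO=TCP SPT=51000 DPT=23 SYN'

# Reads log lines on stdin; prints "count tag proto dpt", most frequent first.
# Lines without an SFW2-* tag (other kernel messages) are ignored.
sfw2_summary() {
    awk '{
        tag = ""; proto = "-"; dpt = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SFW2-/)       tag   = $i
            else if ($i ~ /^PROTO=/) proto = substr($i, 7)
            else if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        if (tag != "") n[tag " " proto " " dpt]++
    }
    END { for (k in n) print n[k], k }' | sort -rn
}

# Single most frequent (tag, proto, dpt) combination, i.e. the rule to look at.
sfw2_top() { sfw2_summary | head -n 1; }

# Reads log lines on stdin; prints "count src", most talkative peer first.
sfw2_by_src() {
    awk '/SFW2-/ { for (i = 1; i <= NF; i++) if ($i ~ /^SRC=/) n[substr($i, 5)]++ }
         END { for (k in n) print n[k], k }' | sort -rn
}

# Number of lines logged by an ACCEPT rule (tags of the form SFW2-<chain>-ACC...).
sfw2_accept_count() { grep -c 'SFW2-[A-Za-z]*-ACC'; }

# Demo on the constructed sample; on a real box use: sfw2_summary < /var/log/firewall
printf '%s\n' "$SAMPLE_LOG" | sfw2_summary
printf '%s\n' "$SAMPLE_LOG" | sfw2_by_src
```

In the thread's case the SFW2-IN-ACC-EST entries for DPT=22 dominate, which is exactly what FW_LOG_ACCEPT_ALL="no" silences; drop logging can be left on so that rejected traffic stays visible in the same file.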