Odd PF Denied Message
nvass at teledomenet.gr
Fri Oct 19 00:14:27 PDT 2007
On Friday 19 October 2007 07:06:35 Ian Smith wrote:
> On Thu, 18 Oct 2007 19:36:27 +0300 Nikos Vassiliadis wrote:
> > If that's the only message you get
> > you must be protected, at least packet_filtering-wise.
> > I think log_in_vain can be used when configuring a firewall.
> > Just to see quickly if your firewall works as expected and
> > then turn it off. Otherwise it is just going to create tons
> > of irrelevant log messages.
> On the contrary .. if your firewall is working correctly, you shouldn't
> ever be seeing connection attempts to non-listening ports, especially
> from outside.
Hey, we are saying the same thing, aren't we?
> log_in_vain messages indicate some attention is needed,
> either to block or reset those connections, or to provide a listener :)
> so removing log_in_vain (shooting the messenger) may not be a good idea.
Hm, almost the same thing. I tend to disagree with this. I prefer
log_in_vain off because usually a server will live in a DMZ. And
most of the time we do not bother running local firewalls on each
server and some will say it's wrong to do firewalling on each/a server.
Just one firewall protecting the DMZ. Other computing systems
living in the DMZ can cause noise, irrelevant log messages.
I remember a case where delayed replies from the DNS server were
logged by the kernel creating noise and bloating the logs.
But we basically say the same thing... Use log_in_vain to see what
passes your firewall and "touches" your servers. I prefer to turn
it off afterwards, Ian prefers to leave it on.
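The workflow both posters describe (switch log_in_vain on to see what gets past the DMZ firewall, separate real probes from noise such as late DNS replies, then switch it off again) as an added example, not code from the thread or from FreeBSD. The sysctl names net.inet.tcp.log_in_vain and net.inet.udp.log_in_vain are the real FreeBSD knobs; the kernel message layout ("Connection attempt to TCP a.b.c.d:port from e.f.g.h:port flags:0x..", and the same without flags for UDP) is assumed from memory and the parser handles IPv4 addresses only; the log lines and the RESOLVERS list are constructed for the example.

```shell
#!/bin/sh
# Added example: triage FreeBSD log_in_vain kernel messages.
# Not code from the thread; message layout and sample data are assumptions.

# Turn the kernel messages on while checking the firewall, off afterwards.
# Real FreeBSD sysctls; run as root on the server itself. Messages arrive
# via syslog in /var/log/messages.
log_in_vain_on()  { sysctl net.inet.tcp.log_in_vain=1 net.inet.udp.log_in_vain=1; }
log_in_vain_off() { sysctl net.inet.tcp.log_in_vain=0 net.inet.udp.log_in_vain=0; }

# Assumption: the resolvers this host actually queries. Late replies from
# port 53 of these hosts to an ephemeral port are the DNS noise from the post.
RESOLVERS="${RESOLVERS:-192.0.2.53}"

# Constructed sample log (not a real /var/log/messages): two TCP probes,
# two late DNS replies from the resolver, one TCP probe to MySQL, and one
# UDP packet from an unknown host that merely uses source port 53.
SAMPLE_LOG=$(cat <<'EOF'
Oct 18 19:36:01 dmzhost kernel: Connection attempt to TCP 192.0.2.10:22 from 198.51.100.7:40512 flags:0x02
Oct 18 19:36:02 dmzhost kernel: Connection attempt to TCP 192.0.2.10:23 from 198.51.100.7:40513 flags:0x02
Oct 18 19:36:05 dmzhost kernel: Connection attempt to UDP 192.0.2.10:1025 from 192.0.2.53:53
Oct 18 19:36:09 dmzhost kernel: Connection attempt to UDP 192.0.2.10:1031 from 192.0.2.53:53
Oct 18 19:37:12 dmzhost kernel: Connection attempt to TCP 192.0.2.10:3306 from 203.0.113.9:51000 flags:0x02
Oct 18 19:37:40 dmzhost kernel: Connection attempt to UDP 192.0.2.10:1434 from 203.0.113.9:53
EOF
)

# stdin: raw syslog lines. stdout: "PROTO DSTIP DSTPORT SRCIP SRCPORT"
# for each log_in_vain line; other lines and non-IPv4 forms are skipped.
parse_in_vain() {
  awk '{
    i = index($0, "Connection attempt to ")
    if (i == 0) next
    split(substr($0, i), w, " ")          # w[4]=proto w[5]=dst w[7]=src
    if (split(w[5], d, ":") != 2 || split(w[7], s, ":") != 2) next
    print w[4], d[1], d[2], s[1], s[2]
  }'
}

# Drop UDP packets that are replies from a known resolver's port 53 to an
# ephemeral local port. A scan that spoofs source port 53 from a host not in
# RESOLVERS is deliberately kept.
drop_dns_replies() {
  awk -v resolvers="$RESOLVERS" '
    BEGIN { n = split(resolvers, r, " "); for (i = 1; i <= n; i++) known[r[i]] = 1 }
    !($1 == "UDP" && $5 == "53" && ($4 in known) && $3 >= 1024) { print }'
}

# Count remaining attempts per protocol and local port: "PROTO PORT COUNT".
summarize() {
  awk '{ c[$1 " " $3]++ } END { for (k in c) print k, c[k] }' | sort -k1,1 -k2,2n
}

# Whole pipeline on stdin; this is what you run over /var/log/messages.
triage() { parse_in_vain | drop_dns_replies | summarize; }

count_lines() { awk 'END { print NR }'; }

if [ "${1:-}" = "demo" ]; then
  printf '%s\n' "$SAMPLE_LOG" | triage
fi
```

Run it as `sh triage.sh demo` to see the summary for the constructed log, or `triage < /var/log/messages` on a real host after log_in_vain_on. Ports that show up with a count and are not meant to be reachable are exactly the "attention needed" cases Ian refers to: either the DMZ firewall should be blocking them, or a listener is missing.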