
I have Shorewall firewall setup on a Debian server which is working fine. I get various log entries in /var/log/messages when packets are dropped, as expected, for example:

Aug 17 19:09:07 cheetah kernel: [80026654.168568] Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:30:48:8a:5c:cc:00:04:4d:de:18:c2:08:00 SRC=123.123.123.123 DST=111.111.111.111 LEN=500 TOS=0x00 PREC=0x00 TTL=121 ID=24371 PROTO=UDP SPT=500 DPT=500 LEN=480

I don't have any services on my server listening on port 500. There are plenty of other entries like this as well with other destination ports from people doing port scans, etc. (e.g., people trying to connect to RDP on 3389).

My question is, how would I go about preventing these dropped packets from being logged? Google is not providing any help and I can't find anything about that on Shorewall's web site either. I understand that it's important to log them so I know what's hitting my system, but I'm also curious how I would prevent the logging if I wanted to. Specifically how would I prevent logging for a specific IP address AND/OR port only (e.g., prevent logging for all dropped packets from a given IP, or prevent logging for all dropped packets attempting to connect to a specific port).

The answer may be to just put an explicit DROP rule into /etc/shorewall/rules which I'm considering (and I assume that since a rule would be matched that no logging would occur), but I wanted to investigate my options here first to see what everyone thinks.

Thanks

  • Yes, I believe your assumption is correct. Explicit DROP rules that shadow policies should suppress logging of packets dropped by policy. – Steven Monday Aug 18 '11 at 03:13

1 Answer


Add the following rule:

DROP      123.123.123.123       111.111.111.111      udp      500

or specify the 'blacklist' option in /etc/shorewall/interfaces, and put the below lines into /etc/shorewall/blacklist:

123.123.123.123                       udp             500

Also review the BLACKLIST_LOGLEVEL in /etc/shorewall/shorewall.conf.

– quanta
  • OK, this is the solution I suspected -- basically add a rule to drop the packets or blacklist them, which in turn results in no logging. So is there a way other than this to just prevent logging of certain packets (i.e., if no rule was added to explicitly drop them, and I just want to skip logging for them)? – user442879 Aug 19 '11 at 05:42
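Before adding the explicit DROP rule or blacklist entry from the answer, it helps to know which source/port pairs are actually filling /var/log/messages. The script below is an added example, not from the question or the answer: it parses kernel log lines in the format shown in the question and aggregates DROP entries by SRC, PROTO and DPT. SAMPLE_LINES is constructed sample input (the first entry is the question's own log line; 198.51.100.7 is a documentation-range address).

```python
import re
from collections import Counter
# Shorewall writes "Shorewall:<chain>:<target>:" followed by netfilter KEY=VALUE fields.
LOG_RE = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<target>[A-Za-z]+):(?P<fields>.*)$")

# Constructed sample input: entry 1 is from the question, the rest are made up in the same format.
SAMPLE_LINES = [
    "Aug 17 19:09:07 cheetah kernel: [80026654.168568] Shorewall:net2all:DROP:IN=eth0 OUT= "
    "MAC=00:30:48:8a:5c:cc:00:04:4d:de:18:c2:08:00 SRC=123.123.123.123 DST=111.111.111.111 "
    "LEN=500 TOS=0x00 PREC=0x00 TTL=121 ID=24371 PROTO=UDP SPT=500 DPT=500 LEN=480",
    "Aug 17 19:09:12 cheetah kernel: [80026659.100000] Shorewall:net2all:DROP:IN=eth0 OUT= "
    "SRC=123.123.123.123 DST=111.111.111.111 LEN=500 PROTO=UDP SPT=500 DPT=500 LEN=480",
    "Aug 17 19:09:30 cheetah kernel: [80026677.200000] Shorewall:net2all:DROP:IN=eth0 OUT= "
    "SRC=198.51.100.7 DST=111.111.111.111 LEN=60 PROTO=TCP SPT=40123 DPT=3389 SYN",
]

def parse_line(line):
    """Return {'chain', 'target', 'SRC', 'DPT', ...} for a Shorewall log line, else None."""
    m = LOG_RE.search(line)
    if m is None:
        return None  # some other kernel message, not a firewall entry
    rec = {"chain": m.group("chain"), "target": m.group("target")}
    for token in m.group("fields").split():
        key, sep, value = token.partition("=")
        if sep:  # bare flags such as SYN carry no "=" and are skipped
            # LEN= appears twice (IP total length, then UDP length); keep the first.
            rec.setdefault(key, value)
    return rec

def drops_by_src_port(lines):
    """Count DROP entries per (SRC, PROTO, DPT) across an iterable of log lines."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["target"] != "DROP" or "SRC" not in rec:
            continue
        counts[(rec["SRC"], rec.get("PROTO", "?"), rec.get("DPT", "-"))] += 1
    return counts

def noisy_sources(lines, threshold=2):
    """(key, count) pairs at or above threshold, busiest first: the candidates
    for an explicit DROP rule or blacklist entry as described in the answer."""
    counts = drops_by_src_port(lines)
    return sorted(((k, n) for k, n in counts.items() if n >= threshold),
                  key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    for (src, proto, dpt), n in noisy_sources(SAMPLE_LINES):
        print(f"{src:16} {proto:4} dpt={dpt:6} dropped={n}")
```

Run it against the real file with `noisy_sources(open("/var/log/messages"))` to see which entries an explicit rule would silence.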