Limiting intra-LAN traffic and messages in /var/syslog
by RDK_RasPi from LinuxQuestions.org on (#5N9DW)
I've tried to post this question on another site, but got no replies. Maybe it is a naive or dumb question, but I'm more than curious for an answer.
As a learning project I'm building a secure web/Email server on a Raspberry Pi V4, Buster OS. It is nearly operational. However, as I'm looking through the various log files for errors or misconfigurations, I'm seeing some records in the /var/syslog file which I would like to eliminate. For example:
- ... EMail kernel: [ 884.407792] iptables denied: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:9c:c9:eb:f8:1e:16:08:00 SRC=10.0.7.13 DST=10.0.7.255 LEN=243 TOS=0x00 PREC=0x00 TTL=64 ...
- ... EMail kernel: [ 1950.140125] iptables denied: IN=eth0 OUT= MAC=01:00:5e:00:00:fb:20:cf:30:68:05:2b:08:00 SRC=10.0.7.11 DST=224.0.0.251 LEN=60 TOS=0x00 PREC=0x00 TTL=1 ...
For #2, I thought I already had rules to address the broadcast traffic, but I'm still seeing the syslog messages.
My LAN IP addresses are 10.0.7.0/24 and the Pi 4 webserver's address is 10.0.7.92.
My IPTables rules are below:
Quote:
sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N f2b-nginx-noscript
-A INPUT -p tcp -m multiport --dports 80,443 -j f2b-nginx-noscript
-A INPUT -p tcp -m multiport --dports 80,443 -j f2b-nginx-noscript
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2222 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -s 224.0.0.0/4 -j ACCEPT
-A INPUT -d 224.0.0.0/24 -j ACCEPT
-A INPUT -d 10.0.7.255/32 -m pkttype --pkt-type broadcast -j DROP
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -s 10.0.7.0/24 -p udp -m udp --dport 137 -j ACCEPT
-A INPUT -s 10.0.7.0/24 -p udp -m udp --dport 138 -j ACCEPT
-A INPUT -s 10.0.7.0/24 -p tcp -m tcp --dport 139 -j ACCEPT
-A INPUT -s 10.0.7.0/24 -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -j DROP
-A FORWARD -s 224.0.0.0/4 -d 224.0.0.0/4 -j ACCEPT
-A FORWARD -d 10.0.7.255/32 -m pkttype --pkt-type broadcast -j DROP
-A FORWARD -j DROP
-A OUTPUT -d 224.0.0.0/4 -j ACCEPT
-A OUTPUT -d 10.0.7.255/32 -m pkttype --pkt-type broadcast -j DROP
-A OUTPUT -j ACCEPT
-A f2b-nginx-noscript -s 35.196.101.221/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-nginx-noscript -j RETURN
-A f2b-nginx-noscript -j RETURN
I suspect it is my lack of fundamental understanding of how IPTables works. Can someone point me in the right direction?
Thanks for any comments and suggestions....RDK
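The behaviour in the post comes from two iptables properties: rules are evaluated top to bottom until a terminating target (ACCEPT, DROP, REJECT) matches, and LOG is not terminating, so a packet that hits the LOG rule is written to syslog and then keeps walking the chain. In the posted INPUT chain the LOG rule sits fifth, before the broadcast DROP, the multicast ACCEPT and the port ACCEPTs, so every new packet that is not loopback, established or DHCP is logged as "denied" regardless of what happens to it afterwards. The following is an added example, not code from the post or from the iptables project: a small Python model of first-match chain evaluation, loaded with the poster's INPUT rules (fail2ban jump omitted) and fed packets constructed from the two syslog lines. The log lines are truncated, so the protocol and ports of those packets are assumptions, as are the `state` and `pkttype` fields; the `-m limit` rate limit is treated as always matching, since it only changes how many lines get written, not whether the rule fires.

```python
"""Model iptables' first-match evaluation to show why "denied" lines appear for
packets that a later rule accepts or drops.  Added example; rule text is copied
from the poster's `iptables -S` output, packets are constructed from the post."""
import ipaddress
import shlex

# Poster's INPUT chain in posted order (fail2ban jump rules omitted).
POSTED_INPUT = [
    "-A INPUT -i lo -j ACCEPT",
    "-A INPUT -d 127.0.0.0/8 -j REJECT --reject-with icmp-port-unreachable",
    "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT",
    "-A INPUT -p udp -m udp --sport 67 --dport 68 -j ACCEPT",
    '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7',
    "-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT",
    "-A INPUT -p tcp -m tcp --dport 2222 -j ACCEPT",
    "-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT",
    "-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT",
    "-A INPUT -s 224.0.0.0/4 -j ACCEPT",
    "-A INPUT -d 224.0.0.0/24 -j ACCEPT",
    "-A INPUT -d 10.0.7.255/32 -m pkttype --pkt-type broadcast -j DROP",
    "-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT",
    "-A INPUT -s 10.0.7.0/24 -p udp -m udp --dport 137 -j ACCEPT",
    "-A INPUT -s 10.0.7.0/24 -p udp -m udp --dport 138 -j ACCEPT",
    "-A INPUT -s 10.0.7.0/24 -p tcp -m tcp --dport 139 -j ACCEPT",
    "-A INPUT -s 10.0.7.0/24 -p tcp -m tcp --dport 445 -j ACCEPT",
    "-A INPUT -j DROP",
]

# Options that constrain matching in this model, and options whose values do
# not (chain name, match-module name, rate limit, log text, reject type).
VALUE_OPTS = {"-i", "-s", "-d", "-p", "--sport", "--dport", "--pkt-type", "--state", "--icmp-type"}
IGNORED_OPTS = {"-A", "-m", "--limit", "--log-prefix", "--log-level", "--reject-with"}
TERMINATING = {"ACCEPT", "DROP", "REJECT"}


def parse_rule(text):
    """Turn one `iptables -S` line into {option: value, 'target': name}."""
    toks = shlex.split(text)
    rule = {"target": None}
    i = 0
    while i < len(toks):
        opt = toks[i]
        if opt == "-j":
            rule["target"] = toks[i + 1]
        elif opt in VALUE_OPTS:
            rule[opt] = toks[i + 1]
        elif opt not in IGNORED_OPTS:
            raise ValueError(f"unsupported option {opt!r} in: {text}")
        i += 2  # every handled option takes exactly one value
    return rule


def parse_chain(lines):
    return [parse_rule(line) for line in lines]


def matches(rule, pkt):
    """First-match semantics: every option present in the rule must match."""
    if "-i" in rule and pkt["iface"] != rule["-i"]:
        return False
    for opt, key in (("-s", "src"), ("-d", "dst")):
        if opt in rule and ipaddress.ip_address(pkt[key]) not in ipaddress.ip_network(rule[opt]):
            return False
    if "-p" in rule and pkt["proto"] != rule["-p"]:
        return False
    for opt, key in (("--sport", "sport"), ("--dport", "dport"), ("--icmp-type", "icmp_type")):
        if opt in rule and pkt.get(key) != int(rule[opt]):
            return False
    if "--pkt-type" in rule and pkt["pkttype"] != rule["--pkt-type"]:
        return False
    if "--state" in rule and pkt["state"] not in rule["--state"].split(","):
        return False
    return True


def evaluate(chain, pkt, policy="ACCEPT"):
    """Walk the chain; return (verdict, logged).  LOG is non-terminating."""
    logged = False
    for rule in chain:
        if not matches(rule, pkt):
            continue
        if rule["target"] == "LOG":
            logged = True       # written to syslog, evaluation continues
        elif rule["target"] in TERMINATING:
            return rule["target"], logged
    return policy, logged


def log_before_final_drop(chain):
    """Move LOG rule(s) directly in front of the last rule, which is assumed to
    be the catch-all `-j DROP`, so only packets nothing else handled get logged."""
    logs = [r for r in chain if r["target"] == "LOG"]
    rest = [r for r in chain if r["target"] != "LOG"]
    return rest[:-1] + logs + rest[-1:]


# Constructed packets.  src/dst come from the two syslog lines in the post; the
# protocol, ports, pkttype and conntrack state are assumptions (the lines are
# truncated there).  "ssh" and "unknown" are extra constructed cases.
SAMPLE_PACKETS = {
    "broadcast": {"iface": "eth0", "src": "10.0.7.13", "dst": "10.0.7.255", "proto": "udp",
                  "sport": 138, "dport": 138, "pkttype": "broadcast", "state": "NEW"},
    "mdns": {"iface": "eth0", "src": "10.0.7.11", "dst": "224.0.0.251", "proto": "udp",
             "sport": 5353, "dport": 5353, "pkttype": "multicast", "state": "NEW"},
    "ssh": {"iface": "eth0", "src": "10.0.7.13", "dst": "10.0.7.92", "proto": "tcp",
            "sport": 50000, "dport": 22, "pkttype": "unicast", "state": "NEW"},
    "unknown": {"iface": "eth0", "src": "10.0.7.13", "dst": "10.0.7.92", "proto": "tcp",
                "sport": 50001, "dport": 8080, "pkttype": "unicast", "state": "NEW"},
}

if __name__ == "__main__":
    posted = parse_chain(POSTED_INPUT)
    fixed = log_before_final_drop(posted)
    for name, pkt in SAMPLE_PACKETS.items():
        print(f"{name:10s} posted order: {evaluate(posted, pkt)}   LOG moved last: {evaluate(fixed, pkt)}")
```

Running it shows the mDNS packet from the second log line is accepted by `-d 224.0.0.0/24 -j ACCEPT` and the broadcast from the first line is dropped by the `--pkt-type broadcast` rule, yet both carry `logged == True` under the posted order, as does a new SSH connection; with the LOG rule moved to just before the final `-A INPUT -j DROP`, only the packet that no other rule handles is logged. Two things to check against your own ruleset: `iptables -S` prints rules in evaluation order, so position is what matters, not the order you typed them; and `-s 224.0.0.0/4` matches on the source address, which is never a multicast address, so that rule matches nothing (the `-d 224.0.0.0/24` rule is what accepts mDNS here).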