Avoid log flood

2011-06-22 15:47:23 +02:00 · 2011-06-22 15:47:23 +02:00 · 66c6cc3853
parent 1c466fdf89
commit 66c6cc3853
2 changed files with 10 additions and 1 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -1,3 +1,10 @@
+eofirewall (0.1-20110621.3) unstable; urgency=low
+
+  * Add an example for the ssh whitelist 
+  * Fix WAN outgoing traffic from lan
+
+ -- Jérôme Schneider <jschneider@entrouvert.com>  Tue, 21 Jun 2011 19:35:17 +0200
+
 eofirewall (0.1-20110621.2) unstable; urgency=low

  * Add a whitelist for ssh
--- a/4
+++ b/4
@ -277,7 +277,9 @@ start()
    ## LOG
    ## Create a LOGDROP chain to log and drop packets
    $IPTABLES -N LOGDROP
-    $IPTABLES -A LOGDROP -j LOG --log-prefix "iptables: " --log-level 4
+    $IPTABLES -A LOGDROP -p tcp -m limit --limit 1/min -j LOG --log-prefix "iptables: denied tcp: " --log-level 4
+    $IPTABLES -A LOGDROP -p udp -m limit --limit 1/min -j LOG --log-prefix "iptables: denied udp: " --log-level 4
+    $IPTABLES -A LOGDROP -p icmp -m limit --limit 1/min -j LOG --log-prefix "iptables: denied icmp: " --log-level 4
    $IPTABLES -A LOGDROP -j DROP

    $IPTABLES -A INPUT -j LOGDROP