Thomas Mørch | 26 May 10:39 2009
Picon

preventing dmesg flood

Is it possible to have logging enabled, but not filling dmesg with entries?
 
Regards
Thomas
------------------------------------------------------------------------------
Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT
is a gathering of tech-side developers & brand creativity professionals. Meet
the minds behind Google Creative Lab, Visual Complexity, Processing, & 
iPhoneDevCamp asthey present alongside digital heavyweights like Barbarian
Group, R/GA, & Big Spaceship. http://www.creativitycat.com 
------------------------------------------------------------------------------
Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT
is a gathering of tech-side developers & brand creativity professionals. Meet
the minds behind Google Creative Lab, Visual Complexity, Processing, & 
iPhoneDevCamp asthey present alongside digital heavyweights like Barbarian
Group, R/GA, & Big Spaceship. http://www.creativitycat.com 
Laurent CARON | 26 May 13:22 2009

Re: preventing dmesg flood

Thomas Mørch wrote:
> Is it possible to have logging enabled, but not filling dmesg with entries?

Hi ?

Maybe this is related to your syslog daemon config ?

Laurent

------------------------------------------------------------------------------
Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT
is a gathering of tech-side developers & brand creativity professionals. Meet
the minds behind Google Creative Lab, Visual Complexity, Processing, & 
iPhoneDevCamp asthey present alongside digital heavyweights like Barbarian
Group, R/GA, & Big Spaceship. http://www.creativitycat.com 
Roberto C. Sánchez | 26 May 13:24 2009

Re: preventing dmesg flood

On Tue, May 26, 2009 at 10:39:29AM +0200, Thomas Mørch wrote:
> Is it possible to have logging enabled, but not filling dmesg with entries?
> 
> Regards
> Thomas

http://www.shorewall.net/FAQ.htm#faq16

You may have to tweak the numbers to get the behavior you desire.

Regards,

-Roberto

--

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
------------------------------------------------------------------------------
Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT
is a gathering of tech-side developers & brand creativity professionals. Meet
the minds behind Google Creative Lab, Visual Complexity, Processing, & 
iPhoneDevCamp asthey present alongside digital heavyweights like Barbarian
Group, R/GA, & Big Spaceship. http://www.creativitycat.com 
------------------------------------------------------------------------------
Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT
is a gathering of tech-side developers & brand creativity professionals. Meet
the minds behind Google Creative Lab, Visual Complexity, Processing, & 
iPhoneDevCamp asthey present alongside digital heavyweights like Barbarian
Group, R/GA, & Big Spaceship. http://www.creativitycat.com 
Tom Eastep | 26 May 15:15 2009
Picon

Re: preventing dmesg flood

Roberto C. Sánchez wrote:
> On Tue, May 26, 2009 at 10:39:29AM +0200, Thomas Mørch wrote:
>> Is it possible to have logging enabled, but not filling dmesg with entries?
>>
>> Regards
>> Thomas
> 
> http://www.shorewall.net/FAQ.htm#faq16
> 
> You may have to tweak the numbers to get the behavior you desire.

FAQ 16 deals with console flooding. As I understand his post, Thomas is
complaining about the kernel's ring buffer being filled with Netfilter
messages. The two are related but separate.

The only way to avoid Netfilter's use of the ring buffer is to use the
ULOG log level and to run ulogd. See
http://www.shorewall.net/shorewall_logging.html#ULOG.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

------------------------------------------------------------------------------
Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT
is a gathering of tech-side developers & brand creativity professionals. Meet
the minds behind Google Creative Lab, Visual Complexity, Processing, & 
iPhoneDevCamp asthey present alongside digital heavyweights like Barbarian
Group, R/GA, & Big Spaceship. http://www.creativitycat.com 
------------------------------------------------------------------------------
Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT
is a gathering of tech-side developers & brand creativity professionals. Meet
the minds behind Google Creative Lab, Visual Complexity, Processing, & 
iPhoneDevCamp asthey present alongside digital heavyweights like Barbarian
Group, R/GA, & Big Spaceship. http://www.creativitycat.com 
Minh Duong | 26 May 21:55 2009
Picon

Tinyproxy and shorewall setup


Hello I'm trying to setup tinyproxy and shorewall on a LEAF Bering firewall. What I'd like to do is block all
HTTP connections to the internet on port 80 and 8080 and force users to use port 8888.

So in shorewall/rules I have

ACCEPT     loc     fw      tcp     8888
DROP       loc     fw      tcp     80,8080

The ACCEPT works fine but the DROP does not seem to work.   If I don't specify a port in a web browser, I can still
surf.  Any clues as to what I can try to figure it out?

Thanks in advance,

Minh

------------------------------------------------------------------------------
Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT 
is a gathering of tech-side developers & brand creativity professionals. Meet
the minds behind Google Creative Lab, Visual Complexity, Processing, & 
iPhoneDevCamp as they present alongside digital heavyweights like Barbarian 
Group, R/GA, & Big Spaceship. http://p.sf.net/sfu/creativitycat-com 
Tom Eastep | 26 May 23:14 2009
Picon

Re: Tinyproxy and shorewall setup

Minh Duong wrote:
> Hello I'm trying to setup tinyproxy and shorewall on a LEAF Bering
> firewall. What I'd like to do is block all HTTP connections to the
> internet on port 80 and 8080 and force users to use port 8888.
> 
> So in shorewall/rules I have
> 
> ACCEPT     loc     fw      tcp     8888
> DROP       loc     fw      tcp     80,8080
> 
> The ACCEPT works fine but the DROP does not seem to work.   If I
> don't specify a port in a web browser, I can still surf.  Any clues
> as to what I can try to figure it out?

The 'DROP' rule needs to be from loc->net, not loc->fw.

-Tom
--

-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

------------------------------------------------------------------------------
Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT 
is a gathering of tech-side developers & brand creativity professionals. Meet
the minds behind Google Creative Lab, Visual Complexity, Processing, & 
iPhoneDevCamp as they present alongside digital heavyweights like Barbarian 
Group, R/GA, & Big Spaceship. http://p.sf.net/sfu/creativitycat-com 

Gmane