kernel logging network traffic

Dag Wieers dag at wieers.com
Mon Feb 20 06:41:26 UTC 2006


On Sun, 19 Feb 2006, Chris Hare wrote:

> I am seeing messages such as these in /var/log/messages
>  
> Feb 19 23:38:06 radio kernel: Inbound IN=eth0 OUT= MAC=00:20:ed:17:25:3d:00:11:11:2b:ad:cc:08:00 SRC=192.168.1.20 DST=192.168.1.21 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=7875 DF PROTO=TCP SPT=3221 DPT=1984 WINDOW=65535 RES=0x00 SYN URGP=0
>  
> Not sure what I did to turn this on, but I would really like to disable it
> ..... 
>  
> Any ideas where it is coming from and how to stop it?

Check man iptables and search for LOG

   LOG
       Turn on kernel logging of matching packets.  When this option is 
       set for a rule, the Linux kernel will print  some  information  on  
       all matching packets (like most IP header fields) via the kernel 
       log (where it can be read with dmesg or syslogd(8)).  This is a 
       "non-terminating target", i.e. rule traversal continues at the 
       next rule.  So if you want to LOG the packets you refuse, use  two  
       separate  rules with the same matching criteria, first using target 
       LOG then DROP (or REJECT).

       --log-level level
              Level of logging (numeric or see syslog.conf(5)).

       --log-prefix prefix
              Prefix log messages with the specified prefix; up to 29 
              letters long, and useful for distinguishing messages in the 
              logs.

       --log-tcp-sequence
              Log TCP sequence numbers. This is a security risk if the log 
              is readable by users.

       --log-tcp-options
              Log options from the TCP packet header.

       --log-ip-options
              Log options from the IP packet header.

Kind regards,
--   dag wieers,  dag at wieers.com,  http://dag.wieers.com/   --
[all I want is a warm bed and a kind word and unlimited power]
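As an added example (not part of this thread or of iptables itself), a small Python parser for the kernel LOG line format shown in the question: it splits the syslog header, the --log-prefix text, the KEY=VALUE fields and the bare flag tokens (DF, SYN), and breaks the 14-byte MAC field into destination MAC, source MAC and ethertype. The sample line is the one from the question reassembled from its mail-wrapped form; that "Inbound" is a --log-prefix string is an assumption.

```python
import re
from typing import Any, Dict

# Constructed sample: the line from the question, unwrapped. "Inbound " is
# assumed to be the text set with --log-prefix on the matching rule.
SAMPLE_LINE = (
    "Feb 19 23:38:06 radio kernel: Inbound IN=eth0 OUT= "
    "MAC=00:20:ed:17:25:3d:00:11:11:2b:ad:cc:08:00 SRC=192.168.1.20 DST=192.168.1.21 "
    "LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=7875 DF PROTO=TCP SPT=3221 DPT=1984 "
    "WINDOW=65535 RES=0x00 SYN URGP=0"
)

# Tokens the LOG target writes without a value (IP and TCP flags).
FLAG_TOKENS = {"DF", "MF", "CE", "SYN", "ACK", "FIN", "RST", "PSH", "URG", "CWR", "ECE"}

_KERNEL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: (?P<body>.*)$"
)


def parse_iptables_log(line: str) -> Dict[str, Any]:
    """Parse one syslog line produced by the iptables LOG target.

    Returns the syslog timestamp and host, the log prefix (text before the
    first IN= field), every KEY=VALUE field (numeric values as int) and a
    'flags' list of bare tokens.  Raises ValueError for non-LOG lines.
    """
    m = _KERNEL_RE.match(line)
    if not m:
        raise ValueError("not a kernel log line")
    body = m.group("body")
    idx = body.find("IN=")          # every LOG line starts its fields with IN=
    if idx < 0:
        raise ValueError("no IN= field; not an iptables LOG line")
    rec: Dict[str, Any] = {
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "prefix": body[:idx].strip(),
        "flags": [],
    }
    for tok in body[idx:].split():
        if "=" in tok:
            key, _, val = tok.partition("=")
            rec[key] = int(val) if val.isdigit() else val
        elif tok in FLAG_TOKENS:
            rec["flags"].append(tok)
    mac = rec.get("MAC")
    if isinstance(mac, str) and mac.count(":") == 13:
        # MAC= is dst MAC (6 bytes) + src MAC (6 bytes) + ethertype (2 bytes).
        o = mac.split(":")
        rec["dst_mac"], rec["src_mac"] = ":".join(o[:6]), ":".join(o[6:12])
        rec["ethertype"] = "0x" + "".join(o[12:14])
    return rec
```

Feeding /var/log/messages through this lets you see which prefix (and so which rule) is producing the noise before deciding whether to drop the LOG rule or raise its --log-level.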
