LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Old 04-01-2013, 12:32 PM   #1
smells_of_elderberries
LQ Newbie
Curating firewall log entries


Debian 6.0.7 Stable.

Is it possible to tell UFW (Uncomplicated/Ubuntu Firewall) not to log certain blocked connection attempts? If not, is there some other firewall management software that would allow such a thing?

I've identified several unnecessary connection attempts from software that I use that aren't harmful, but relate to an aspect of the software that I don't use. The log fills up pretty quickly whenever I use that software, so I'd rather these particular connection attempts simply weren't logged.

Thanks.
 
Old 04-01-2013, 04:43 PM   #2
unSpawn
Moderator
Personally I would ditch UFW. It's not a bad tool if you like the UFW syntax but personally I think iptables is not that difficult. If you post what traffic you want to allow from where (network addresses or ranges, protocols and ports) we'll show you a basic iptables rule set that does just that. Deal?
 
Old 04-01-2013, 06:12 PM   #3
smells_of_elderberries
LQ Newbie
Original Poster
Quote:
If you post what traffic you want to allow from where (network addresses or ranges, protocols and ports) we'll show you a basic iptables rule set that does just that. Deal?
It's a very kind offer. Thank you.

But I think you've misunderstood. I want to block certain connection attempts but not log them. Can iptables help me accomplish that? If so, I'll abandon UFW and take you up on your offer.
 
Old 04-01-2013, 07:12 PM   #4
unSpawn
Moderator
Quote:
Originally Posted by smells_of_elderberries View Post
It's a very kind offer. Thank you.
You're welcome but don't think too much of it: one way or the other "show and tell" is basically what we do here.


Quote:
Originally Posted by smells_of_elderberries View Post
But I think you've misunderstood. I want to block certain connection attempts but not log them. Can iptables help me accomplish that? If so, I'll abandon UFW and take you up on your offer
In its simplest form a logging rule means a jump ("-j") with a target of LOG. Likewise a blocking rule means a jump with a target of either REJECT or DROP. A "log and block" rule basically is a combination of those two rules: logging rule first, then the blocking one. It's not that I don't understand your question, and sure UFW can do what you want, I just find it easier to express it using basic iptables rules.
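The "logging rule first, then the blocking one" ordering described above, as an added shell example that is not from the thread or from any of its posters. Everything specific in it is an assumption: the noisy peer (192.0.2.10, TCP port 1900) stands in for whatever the original poster's software keeps contacting, and SSH is assumed to be the only service offered. The script defaults to a dry run that only prints the iptables commands; run it as root with DRY_RUN=0 to apply them. It is IPv4 only; ip6tables needs the equivalent rules.

```shell
#!/bin/sh
# Added example (not from the thread): "block without logging" is purely a
# rule-ordering problem in iptables. A DROP placed before the LOG rule
# terminates processing for matching packets, so they never get logged.
#
# Placeholders (assumptions, adjust to the real address/port/direction):
NOISY_HOST="192.0.2.10"   # peer the software keeps contacting
NOISY_PORT="1900"         # port it contacts

# Safety default: DRY_RUN=1 prints the commands instead of running them.
DRY_RUN="${DRY_RUN:-1}"

# run: print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" != "0" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

apply_rules() {
    # Start from a clean filter table. Note: -F/-X also removes every chain
    # ufw installed, so this replaces ufw rather than coexisting with it.
    run iptables -F
    run iptables -X
    run iptables -P INPUT DROP
    run iptables -P FORWARD DROP
    run iptables -P OUTPUT ACCEPT

    # Loopback, plus replies to connections this host initiated.
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Services actually offered (assumption: SSH only).
    run iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT

    # 1. Silent drop. The known-noisy attempts match here and stop here, so
    #    they never reach the LOG rule below. Outbound and inbound variants.
    run iptables -A OUTPUT -p tcp -d "$NOISY_HOST" --dport "$NOISY_PORT" -j DROP
    run iptables -A INPUT -p tcp -s "$NOISY_HOST" --dport "$NOISY_PORT" -j DROP

    # 2. Log everything else that is about to be dropped, rate-limited so a
    #    port scan cannot flood the log.
    run iptables -A INPUT -m limit --limit 5/min --limit-burst 10 \
        -j LOG --log-prefix "IPT-INPUT-DROP: " --log-level 4

    # 3. LOG is non-terminating: the packet continues to this rule and is
    #    dropped (the DROP policy would catch it anyway; being explicit helps
    #    when reading counters with "iptables -L INPUT -n -v").
    run iptables -A INPUT -j DROP
}

# rule_position: 1-based line number of the first rule matching PATTERN in
# the dry-run listing. Lets you verify ordering without root.
rule_position() {
    ( DRY_RUN=1; apply_rules ) | grep -n -- "$1" | head -n 1 | cut -d: -f1
}

apply_rules
```

Check the ordering with `rule_position "-j LOG"` against the position of the silent DROP before applying anything; once applied, the packet counters from `iptables -L INPUT -n -v` show the noisy traffic accumulating on the DROP rule and nothing new in the log.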
 
Old 04-01-2013, 08:39 PM   #5
smells_of_elderberries
LQ Newbie
Original Poster
Can a rule applied via iptables co-exist with rules managed by ufw? AFAIK ufw is just a front-end to iptables so I'm inclined to believe the answer is, "yes".

If so, I'll provide the information you need to so that you can create the rule that'll block without logging for the connections in question.
 
Old 04-02-2013, 08:24 AM   #6
Noway2
Senior Member
Yes, iptables can co-exist with ufw. However, a strong caveat is required in that unless you know what you are doing with respect to how Linux starts up and analyzes configuration files you are likely to rapidly get yourself into quicksand. See the following: http://manpages.ubuntu.com/manpages/...an8/ufw.8.html, note:
Quote:
When running ufw enable or starting ufw via its initscript, ufw will flush its chains. (snip) ufw supports application integration by reading profiles located in /etc/ufw/applications.d.
In other words, when UFW is called, all the iptables chains will be flushed. Consequently, any direct iptables rules you add to the UFW via a form of initialization script will need to be called at an appropriate time.

Personally, I think this is an unnecessary complication and I concur with unSpawn in that your best option is to forget UFW or any other front end for iptables and simply write iptables rules directly, which are no more complicated than those of UFW.
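For readers who decide to stay with ufw, the "appropriate time" problem has a stock answer in ufw's own configuration: rules written into /etc/ufw/before.rules are loaded by ufw itself on every `ufw enable` or `ufw reload`, so they survive the chain flush the man page warns about. The excerpt below is an added example, not from the thread or from the ufw project; the peer and port (192.0.2.10, TCP 1900) are placeholders for whatever the original poster's software contacts. The file's required header lines, its existing loopback/conntrack rules and its closing COMMIT are already present and are shown only as context.

```conf
# /etc/ufw/before.rules (excerpt, added example)
#
# Rules in the ufw-before-* chains are evaluated before ufw's user rules and
# before the ufw-after-logging chains that write the "[UFW BLOCK]" entries.
# A plain DROP here therefore blocks without ever reaching a LOG rule.
# Placeholder peer/port (assumption): 192.0.2.10 tcp/1900.

# ... existing required lines and rules of the file stay above this point ...

# silently drop the known-noisy attempts: no LOG target, no -j ufw-logging-deny
-A ufw-before-output -p tcp -d 192.0.2.10 --dport 1900 -j DROP
-A ufw-before-input  -p tcp -s 192.0.2.10 --dport 1900 -j DROP

# don't delete the 'COMMIT' line or these rules won't be processed
COMMIT
```

After editing, `ufw reload` re-applies the file; `iptables -L ufw-before-output -n -v` should then show the packet counter on the new rule climbing while the log stays quiet. IPv6 traffic needs the same lines in /etc/ufw/before6.rules. One practical caveat: dropping the software's outbound attempts makes it wait for a timeout on each try; if that slows the application down, `-j REJECT --reject-with tcp-reset` in place of `-j DROP` makes the attempt fail immediately, still without a log entry.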
 
Old 04-02-2013, 06:17 PM   #7
smells_of_elderberries
LQ Newbie
Original Poster
Quote:
which are no more complicated than those of UFW.
I disagree. I think ufw has a far simpler syntax and a faster learning curve.

Still, I agree that iptables should probably be manipulated directly instead of using a front-end. I'll undertake to start learning how to use iptables directly, and start a new thread if the same or new problems arise.

Thanks for the assistance.
 
Old 04-03-2013, 03:30 PM   #8
Noway2
Senior Member
In case you need one, here is a pretty good introductory level tutorial on IPtables. There are better, more complete ones than this, but this is a good place to start.
 