I am running Mandrake 10.0 with Firestarter.

There are a few Windows machines on my subnet and my logs are FULL of hits that I do not want to log. I get hit at least every ten seconds. Those are not my machines and I have no control over them.

How can I stop logging this? For example, a machine on my subnet constantly hitting me from source port 1919 to destination port 5000?

I know about grepping logs and such, but I'd like to reduce the volume of logging. Or, if that's a stupid idea, please explain why. Thanks.

If you don't want to log something then just drop the packets without logging: Just make sure that the rule that drops the packets comes before the rule that logs it. With iptables the chains are traversed from top to bottom until a match is found. The first match usually terminates the traversal of the chain. So that when your last rule in a chain has a LOG target this wouldn't log the packets that were dropped earlier in the chain.

Another way is to use rate limits. If for instance you don't want to be flooded by broadcasts on tcp port 137 but you still want to know if they hit you from time to time use

iptables -A INPUT -p tcp --dport 137 --limit 1/minute -j LOG

to log only one of these packets a minute.

This just for the record: A log entry every ten seconds is nothing. If that makes your logs grow to big then you should seriously reconsider your logrotate.conf

Thanks, I'll try that.

It's not that my logs are too big, it's that my computer is online 24/7 and it seems pointless to keep logging this one noisy Windows box on my subnet that is of no interest to me.

Cheers.

If you are on an ISP network, I always send an email to the ISP about boxes that are rooted.

but yeah, you can also just add a rule for that box only as a drop and not log.