firewall output flooding dmesg

Question

I log all dropped packets using following iptables rule:

-A INPUT -j LOG --log-prefix "FW_DROP: " --log-level 7

and then in rsyslog.conf, I redirect this output to a separate file, so that my syslog is not flooded

:msg, contains, "FW_DROP" -/var/log/firewall.log
& ~

This works for syslog, but my dmesg still gets flooded with the fw messages, which drives me crazy. Would anybody know how to prevent this?

You can try ULOG. http://www.linuxtopia.org/Linux_Firewall_iptables/x4883.html — Guntis, Mar 24 '13 at 15:58

score 2 · Answer 1 · answered Mar 24 '13 at 15:46

Sorry, no. All logged messages are viewable with dmesg in the order in which they were received, subject to the size of its ring buffer. If you need to view recent log entries, without seeing firewall logs, use the actual logs where the entries are being stored.

score 2 · Answer 2 · answered Feb 20 '19 at 12:48

Install the Netfilter logging daemon (apt install ulogd2 for Debian based systems)

In your iptables rules:

replace -j LOG with -j NFLOG
replace --log-prefix "..." with --nflog-prefix "..."
check /etc/ulogd.conf for other settings you might want to change (like the log file, which is "/var/log/ulog/syslogemu.log" by default on Debian)

firewall output flooding dmesg

2 Answers2