Please add a NOLOG option

dynamicnet
Junior Member
Posts: 48
Joined: 31 May 2012, 18:29
Location: Lancaster County PA US

Please add a NOLOG option

Post by dynamicnet »

Good day:

csf.conf has DROP_NOLOG which modifies the firewall and does not log.

Please consider adding a NOLOG option where I can list ports whose existing firewall options are not logged.

For example:

NOLOG="25"

Let's say I have a web server where I want to allow outgoing TCP 25, but no incoming TCP 25.

Some of the web sites in question don't have an MX record, so when a valid mail server goes to send an email to the domain name, it ends up going to the web server IP (TCP 25) as a default given no MX.

The firewall doesn't allow the activity, which is good; BUT after x attempts, CSF / LFD is sending out a brute force alert and an ARF report.

I would rather have such events handled, but no logging or reporting.

Thank you.
chirpy
Moderator
Posts: 3537
Joined: 09 Dec 2006, 18:13

Re: Please add a NOLOG option

Post by chirpy »

You can do that by excluding the port from PS_PORTS.
dynamicnet
Junior Member
Posts: 48
Joined: 31 May 2012, 18:29
Location: Lancaster County PA US

Re: Please add a NOLOG option

Post by dynamicnet »

Good day:

Thank you for pointing this out. I appreciate your time and what you've done with CSF.

I believe this would be the setting to exclude all email ports from port scan tracking:

PS_PORTS = "0:24,26:109,111:142,144:464,466:586,588:992,994,996:65535,ICMP"

It leaves out ports 25, 110, 143, 465, 587, 993, and 995.

Correct?

Thank you.
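As an added check (my own script, not part of csf or of either post), this parses a csf PS_PORTS value to list the ports it leaves untracked, and rebuilds the value from an exclusion set so the two can be compared; it assumes the comma-separated port / low:high / ICMP syntax shown in the post above.

```python
# Added helper, not part of csf: parse and build csf PS_PORTS range lists.
# Assumed syntax (as in the post): comma-separated single ports or low:high
# ranges, plus an optional literal "ICMP".

MAX_PORT = 65535


def parse_ps_ports(value):
    """Return (set of ports covered by PS_PORTS, whether ICMP is listed)."""
    covered = set()
    icmp = False
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        if item.upper() == "ICMP":
            icmp = True
        elif ":" in item:
            low, high = (int(x) for x in item.split(":", 1))
            if not (0 <= low <= high <= MAX_PORT):
                raise ValueError(f"bad range {item!r}")
            covered.update(range(low, high + 1))
        else:
            port = int(item)
            if not 0 <= port <= MAX_PORT:
                raise ValueError(f"bad port {item!r}")
            covered.add(port)
    return covered, icmp


def excluded_ports(value):
    """Ports in 0..65535 that the given PS_PORTS value does NOT track."""
    covered, _ = parse_ps_ports(value)
    return set(range(MAX_PORT + 1)) - covered


def build_ps_ports(exclude, icmp=True):
    """Build a PS_PORTS value covering every port except those in `exclude`."""
    parts = []
    start = None
    for port in range(MAX_PORT + 2):  # 65536 acts as a sentinel closing the last run
        tracked = port <= MAX_PORT and port not in exclude
        if tracked and start is None:
            start = port
        elif not tracked and start is not None:
            end = port - 1
            parts.append(str(start) if start == end else f"{start}:{end}")
            start = None
    if icmp:
        parts.append("ICMP")
    return ",".join(parts)


if __name__ == "__main__":
    posted = "0:24,26:109,111:142,144:464,466:586,588:992,994,996:65535,ICMP"
    print(sorted(excluded_ports(posted)))  # the mail ports left out of tracking
```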