Disable logging of port 137

Hi,
i have a lot of entries that my firewall is blocking port 137 for my internal network. I am fine with that. But i don't want them to show up in the system.log as i have now a lot of entries like REJECT wan in: IN=eth0.2 OUT= MAC=ff:ff:ff:ff:ff:ff:a0:af:bd:77:b6:92:08:00:45:00:00:4e SRC=192.168.1.2 DST=192.168.1.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=24457 PROTO=UDP SPT=137 DPT=137 LEN=58
So i did some googling about this. And came up with the following solution, however it was not enough.
I created an entry in the firewall from luci to drop the ports 137-139 if they are from 192.168.2.1/24. This is creating automatically another zone 'zone_wan_src_DROP' which has also a LOG entry. I thought this was nice if i can remove the LOG entry. because now i have a lot of DROP wan in: IN=eth0.2... in the syslog. This solution would be perfect because if i want an entry to be logged, then i reject this package and if i don't want to have a log, then i drop this package.
So i deleted that log entry with
iptables -D zone_wan_src_DROP -i eth0.2 -m limit --limit 10/sec -m comment --comment "!fw3" -j LOG --log-prefix "DROP wan in: "
This is also working fine, but everytime when i restart the firewall or reboot the router, the log rule comes back. I tried the following things to work around this issue: Adding this rule to the Custom rules, and add the *option reload '1' under the config include sections section in the /etc/config/firewall. I also added this rule in the /etc/rc.local which was working for some other rules. However in this case where i want to remove the LOG rule in the zone_wan_src_DROP it is not working. Does anybody else have a trick to solve this?

This is not OpenWrt...

???

  • Are you trying to drop traffic from an upstream router?
  • Is that where the log entry is from?

Well, include with option reload should work, make sure you restart the firewall service to apply the new configuration.

By the way, are you sure that you really need to enable zone logging?

I believe, there are 2 main reasons to read logs:

  • Part of the troubleshooting process to configure, debug or fix something.
  • One of your job responsibilities that you get paid for.

Otherwise, this is most likely a waste of time.

OK, i was doing way to difficult. The solution was to add -j DROP in the Extra arguments on the Advanced Settings tab of this rule.

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.