GNU/Linux Desktop Survival Guide by Graham Williams
Desktop Survival Project Home Preface Advocacy History Distributions Installing GNU/Linux Basic Survival Wajig Applications AI, Machine Learning, Data Science Android - GNU/Linux Devices Audio Backup Booting CD Chinese ChRoot Clock Command Line Databases DIA Directories Disks EcoSysL Emacs Email Evolution Files File Systems Firewalls Floppy Disks FreedomBox Glade GNOME Graphics, Images, Photos Hardware Initialisations on Booting Installation Examples Internet IOT Java KDE Kernels Keyboard Konqueror KVM Switch LATEX Log System Login Magellan MATE Mathematics Memory Modems Mounting Devices MS/Windows Music MySQL Nautilus Networks Nextcloud Network File System NFS NT File System Oracle Packages Partitions Passwords PDF Power Management PPP Presentations Printing Python R Remote Desktops Rsync Samba Scanning Science Screens Security Spreadsheet SSH Swap Teradata Data Warehouse Themes TV Unity USB Version Control Video Virtualization Voice over IP WebCam WordPress Web Sites Word Processing and Printing X XML Troubleshooting Index

CLICK HERE TO VISIT THE UPDATED SURVIVAL GUIDE

IPCHAINS

With a update to the klogd package (or perhaps it was an update to the netbase package which contains ipchains, I started getting the following log messages written to my console (in addition to /var/log/syslog and in dmesg!):

  Packet log: input DENY ppp0 PROTO=88 125.83.4.1:65535 224.0.0.10:65535 
              L=60 S=0xC0 I=0 F=0x0000 T=2 (#11)

These packets are coming from actdial.togaware.com (125.83.4.1—my connection to the internet) and their CISCO router sending regular EIGRP (PROTO=88) packets. Nothing untoward about this but for some reason the log messages were appearing on the consoles! Every 4 seconds!

Looking at the current ipchains rules we see rule 11 is the default catch-all:

DENY       all  ----l-  anywhere             anywhere              n/a

With the following ipchains command the log messages are stopped:

  # ipchains -I input 11 -i ppp0 -d 224.0.0.10 -j DENY

So that rules 11 and 12 of the input chain are now:

DENY       all  ------  anywhere             IGRP-ROUTERS.MCAST.NET  n/a
DENY       all  ----l-  anywhere             anywhere              n/a

Note that you can save the current rules using:

  # /etc/init.d/ipchains save

which places the saved rules into /etc/ipchains.save. Load them in again with:

  # /etc/init.d/ipchains load

It seems to be okay to flush the old ones when asked.

Unfortunately, this rule is lost each time ppp restarts!

But the actual problem has been found: The log messages have a log level of less than 7, meaning they are more than debug messages. The klogd logger will display messages with a log level less than 7 to the console! This is “fixed” by changing, in the file /etc/init.d/klogd the line that says:

  KLOGD=""

to

  KLOGD="-c 5"

The messages are now gone from the console, but still remain in dmesg and /var/log/syslog. Indeed, /var/log/syslog gets filled with these so it still may be best to turn them off with the ipchains rule.