var/log/firewall file size increase non stop

When I ssh (or ssh -X or ssh -Y) to my Suse SLED11-3 from my Fedora20 computer, each time I type a character on my Fedora console, this line (or similar):

Jan  8 12:19:29 newwind-calc kernel: [74632.467271] SFW2-IN-ACC-EST IN=eth0 OUT= MAC=50:16:7e:37:64:2b:d4:3d:7e:97:0a:bd:08:00 SRC=IP of Fedora Computer DST=10.2.2.253 LEN=52 TOS=0x10 PREC=0x00 TTL=64 ID=24963 DF PROTO=TCP SPT=43767 DPT=22 WINDOW=16465 RES=0x00 ACK URGP=0 OPT (0101080A04654FF4011C02E9)

is appended to the /var/log/firewall file on the Suse computer. The file size is in the GB by the end of the day. This bothers me quite a lot…

I tried to find information on “SuSEfirewall2” and tried to add to “/etc/sysconfig/SuSEfirewall2”:

FW_TRUSTED_NETS="IP of Fedora Computer"
FW_SERVICES_TRUSTED_TCP="1:65535"
FW_SERVICES_TRUSTED_UDP="1:65535"
FW_ALLOW_INCOMING_HIGHPORTS_TCP="ftp-data" # was: yes
FW_ALLOW_INCOMING_HIGHPORTS_UDP="dns" # was: yes
FW_ALLOW_PING_FW="no" # was: yes

as I saw recommended, I don't remember where. This did not change a thing.

I am not (at all) familiar with firewall configuration. Moreover, I can not access the “Firewall” on Yast. When I click it, nothing happens.

Thank you for your help! I will provide any information missing as needed, but please give me details on how to obtain each piece of information :-)

OK! Problem solved!

Had to modify the lines of “/etc/sysconfig/SuSEfirewall2”

FW_LOG_DROP_ALL="yes"
FW_LOG_ACCEPT_ALL="yes"

to

FW_LOG_DROP_ALL="no"
FW_LOG_ACCEPT_ALL="no"

and then restart the firewall:

sudo /sbin/SuSEfirewall2 stop
sudo /sbin/SuSEfirewall2 start

On 01/08/2015 06:34 AM, acahuzac wrote:

> Code:
>
> FW_TRUSTED_NETS="IP of Fedora Computer"
> FW_SERVICES_TRUSTED_TCP="1:65535"
> FW_SERVICES_TRUSTED_UDP="1:65535"
> FW_ALLOW_INCOMING_HIGHPORTS_TCP="ftp-data" # was: yes
> FW_ALLOW_INCOMING_HIGHPORTS_UDP="dns" # was: yes
> FW_ALLOW_PING_FW="no" # was: yes
>
> as I saw recommended, I don't remember where. This did not change a thing.

This should really be done from within Yast, which you mentioned…

> I am not (at all) familiar with firewall configuration. Moreover, I can
> not access the “Firewall” on Yast. When I click it, nothing happens.

From the command line try the following:

sudo /sbin/yast firewall

Hopefully it works, or at least you can get some output about why things
are not working properly.

> Thank you for your help! I will provide any information missing as
> needed, but please give me details on how to obtain each piece of
> information :-)

To see which rule is causing this log message, run the following:

sudo /usr/sbin/iptables-save | grep SFW2-IN-ACC-EST

If that does not return anything somehow (doubtful), try removing the grep
portion and just post all of your iptables rules.


Good luck.


acahuzac wrote:

> OK! Problem solved!
>
> Had to modify the lines of “/etc/sysconfig/SuSEfirewall2”
>
> FW_LOG_DROP_ALL="yes"
> FW_LOG_ACCEPT_ALL="yes"
>
> to
>
> FW_LOG_DROP_ALL="no"
> FW_LOG_ACCEPT_ALL="no"
>
> and then restart the firewall:
>
> sudo /sbin/SuSEfirewall2 stop
> sudo /sbin/SuSEfirewall2 start

For reference, both those are set to 'no' by default, so they must have been changed to 'yes' on your machine at some point.
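As an added example (not code from the thread or from SuSEfirewall2 itself), the following sh/awk helpers do the two checks the thread walks through: summarise which SFW2 rule tag and destination port are filling /var/log/firewall, and read the FW_LOG_ACCEPT_ALL / FW_LOG_DROP_ALL switches out of a sysconfig file. The log lines and the sysconfig content are constructed samples in the thread's format; the source addresses are documentation addresses.

```shell
#!/bin/sh
# Constructed sample log lines in the SuSEfirewall2 format shown in the
# thread (RFC 5737 documentation addresses stand in for real hosts).
SAMPLE_LOG='Jan  8 12:19:29 newwind-calc kernel: [74632.467271] SFW2-IN-ACC-EST IN=eth0 OUT= MAC=50:16:7e:37:64:2b:d4:3d:7e:97:0a:bd:08:00 SRC=192.0.2.10 DST=10.2.2.253 LEN=52 TOS=0x10 PREC=0x00 TTL=64 ID=24963 DF PROTO=TCP SPT=43767 DPT=22 WINDOW=16465 RES=0x00 ACK URGP=0
Jan  8 12:19:30 newwind-calc kernel: [74633.100001] SFW2-IN-ACC-EST IN=eth0 OUT= MAC=... SRC=192.0.2.10 DST=10.2.2.253 LEN=52 PROTO=TCP SPT=43767 DPT=22 ACK
Jan  8 12:19:31 newwind-calc kernel: [74634.200002] SFW2-IN-ILL-TARGET IN=eth0 OUT= MAC=... SRC=198.51.100.7 DST=10.2.2.253 LEN=40 PROTO=TCP SPT=51000 DPT=445 SYN'

# Read log lines on stdin; print "<count> <rule-tag> <proto> <dport>" per
# group, most frequent first. The rule tag (SFW2-IN-ACC-EST above) is what
# the thread says to grep for in iptables-save to locate the logging rule.
sfw2_log_summary() {
    awk '{
        tag = ""; proto = ""; dpt = "";
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SFW2-/)       tag = $i;
            else if ($i ~ /^PROTO=/) proto = substr($i, 7);
            else if ($i ~ /^DPT=/)   dpt = substr($i, 5);
        }
        if (tag != "") count[tag " " proto " " dpt]++;
    }
    END { for (k in count) print count[k], k }' | sort -rn
}

# Print the two logging switches from the sysconfig file given as $1.
# Later assignments win, as in the shell-sourced sysconfig format; quotes
# and trailing "# comments" are stripped. An unset switch prints empty,
# which the thread's reply says means the default of "no".
sfw2_log_switches() {
    awk -F= '/^(FW_LOG_ACCEPT_ALL|FW_LOG_DROP_ALL)=/ {
        sub(/[ \t]*#.*$/, "", $2); gsub(/[ \t"]/, "", $2); v[$1] = $2 }
    END { print "FW_LOG_ACCEPT_ALL=" v["FW_LOG_ACCEPT_ALL"];
          print "FW_LOG_DROP_ALL=" v["FW_LOG_DROP_ALL"] }' "$1"
}
```

Run as `sudo sfw2_log_summary < /var/log/firewall` to see the top offenders, and `sfw2_log_switches /etc/sysconfig/SuSEfirewall2` to confirm both switches read "no" after the fix.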