"Kameel" <kameel@xxxxxxxxxxxxxxx> wrote:
> There's this other box on my ISP's network that is broadcasting bootp
> traffic.
>
> Whilst not a big deal, port sentry is picking it up and logging it, meaning
> the log files are just getting huge and are really cumbersome to wade
> through looking for actual errors - which is a problem :-/
>
> I've blocked the IP in port sentry,
I assume you mean that PortSentry has blocked the IP using its
KILL_HOST_DENY_ALL command to add the IP to hosts.deny, blocking the IP via
tcp wrappers (or some alternate mechanism you implemented). I thought you
might have meant you've added the IP to portsentry.ignore so that this
traffic is ignored, but then related records shouldn't appear in
/var/log/messages which is what you probably mean by "logs".
> but can I do it before port sentry to
> prevent my logs from filling up with junk ?
See the commented-out KILL_ROUTE commands in portsentry.conf. I suggest
installing IPCHAINS and uncommenting the appropriate line, then restarting
PortSentry. This will block access to *all* ports from that IP and it
should never be picked up by PortSentry after that. If that's not what you
want, please clarify.
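
An added example, not part of the original reply: the script below reads a portsentry.conf excerpt, reports which KILL_ROUTE line is active, and flags the ipchains `-l` option, which asks the kernel to log every packet the rule matches and so would keep the log growing. The sample config lines are constructed for illustration and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of the KILL_ROUTE section of a portsentry.conf
# (assumed layout; check the lines against your own file).
sample_conf() {
cat <<'EOF'
# route-based block (left commented out)
#KILL_ROUTE="/sbin/route add -host $TARGET$ reject"
# ipchains-based block (uncommented, as the reply suggests)
KILL_ROUTE="/sbin/ipchains -I input -s $TARGET$ -j DENY -l"
KILL_HOSTS_DENY="ALL: $TARGET$"
EOF
}

# Print the command of every active (uncommented) KILL_ROUTE line on stdin.
active_kill_route() {
    sed -n 's/^[[:space:]]*KILL_ROUTE="\(.*\)"[[:space:]]*$/\1/p'
}

# Exit 0 if the ipchains command in $1 turns on kernel logging of matches.
ipchains_logs() {
    case " $1 " in
        *ipchains*" -l "*|*ipchains*" --log "*) return 0 ;;
    esac
    return 1
}

# Return the command in $1 without the -l flag, so that blocked packets
# are dropped without producing a kernel log entry each time.
quiet_rule() {
    printf '%s\n' "$1" | sed -e 's/ -l$//' -e 's/ -l / /g'
}

# Read a config on stdin and print one verdict per active KILL_ROUTE.
audit_kill_route() {
    active_kill_route | while IFS= read -r cmd; do
        if ipchains_logs "$cmd"; then
            echo "LOGS: $cmd"
        else
            echo "QUIET: $cmd"
        fi
    done
}

sample_conf | audit_kill_route
```

To check a real installation, feed the file to the same function, for example `audit_kill_route < portsentry.conf`, using the path where your copy is installed.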