Logging Settings

Log LFD messages to syslog - SYSLOG
Log the login failure daemon messages to SYSLOG. You must have the perl module Sys::Syslog installed to use this option.
Default: 0 Range: 0-1

Drop target for incoming rules - DROP
The drop target for iptables rules. REJECT will send back an error packet and DROP will not respond at all. REJECT provides extra information to a hacker and lets them know that a firewall is blocking their attempts while DROP hangs their connection.
Default: DROP Range: DROP|REJECT

Drop target for outgoing rules - REJECT
Drop target for outgoing iptables rules. This can be set to either DROP or REJECT, as with the incoming drop target above; however, because such connections originate from this server it is better to REJECT connections to closed ports than to DROP them. This frees up server resources immediately rather than tying them up until the connection times out, and it tells the process making the connection that it has failed straight away. Some monolithic kernels may not support the REJECT target. csf checks for this before using REJECT and falls back to DROP, issuing a warning to set this option to DROP instead.
Default: DROP Range: DROP|REJECT

Drop logging - DROP_LOGGING
Enable logging of dropped connections to blocked ports to syslog. This option is required in order to use port scan tracking.
Default: 1 Range: 0-1

Drop incoming logging - DROP_IP_LOGGING
Enable logging of dropped incoming connections from blocked IP addresses. This option is disabled if you enable port scan tracking.
Default: 0 Range: 0-1

Drop outgoing logging - DROP_OUT_LOGGING
Enable logging of dropped outgoing connections. Where available, these logs will also include the UID connecting out, which can help track abuse. Note: for TCP connections only outgoing SYN packets are logged; for other protocols all packets are logged. We recommend that you enable this option.
Default: 1 Range: 0-1

Drop UID logging - DROP_UID_LOGGING
Together with DROP_OUT_LOGGING enabled, this option logs the UID connecting out (where available) which can help track abuse.
Default: 1 Range: 0-1

Drop logging only reserved ports - DROP_ONLYRES
Only log dropped connections to reserved ports (ports 0 through 1023).
Default: 0 Range: 0-1

Do not log dropped connections on ports - DROP_NOLOG
Do not log these blocked ports.
Default: 23,67,68,111,113,135:139,445,500,513,520
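The DROP_ONLYRES and DROP_NOLOG settings above together decide which dropped packets reach syslog. csf enforces this with iptables LOG rules rather than a userspace filter; the following is an added example (not csf's own code) that models the documented semantics so the interaction of the two settings can be checked against constructed packet records. It assumes the port-list syntax shown on this page (comma-separated entries, "a:b" for an inclusive range); the function and class names are the example's own.

```python
"""Model of the DROP_ONLYRES / DROP_NOLOG drop-logging filters.

Added illustration of the documented behaviour, not csf's implementation.
Assumes the csf port-list syntax: comma-separated entries, "lo:hi" ranges.
"""
from dataclasses import dataclass

# DROP_ONLYRES: "reserved" ports are 0 through 1023 inclusive.
RESERVED_MAX = 1023

# Default DROP_NOLOG value as documented on this page.
DEFAULT_DROP_NOLOG = "23,67,68,111,113,135:139,445,500,513,520"


def parse_port_list(spec: str) -> set[int]:
    """Expand a port list such as "23,135:139,445" into a set of port numbers.

    Whitespace and empty entries are ignored; malformed or out-of-range
    entries raise ValueError rather than silently widening the no-log set.
    """
    ports: set[int] = set()
    for entry in spec.split(","):
        entry = entry.strip()
        if not entry:
            continue
        if ":" in entry:
            lo_s, hi_s = entry.split(":", 1)
            lo, hi = int(lo_s), int(hi_s)
            if lo > hi:
                raise ValueError(f"inverted range: {entry!r}")
        else:
            lo = hi = int(entry)
        if not (0 <= lo <= 65535 and 0 <= hi <= 65535):
            raise ValueError(f"port out of range: {entry!r}")
        ports.update(range(lo, hi + 1))
    return ports


@dataclass(frozen=True)
class DroppedPacket:
    """A packet that the firewall has already decided to drop (hypothetical record)."""
    proto: str
    dport: int


def should_log_drop(pkt: DroppedPacket, drop_logging: int,
                    drop_onlyres: int, nolog_ports: set[int]) -> bool:
    """Return True if this dropped packet would be logged to syslog.

    DROP_LOGGING=0 disables logging entirely; DROP_ONLYRES=1 restricts logging
    to reserved ports; DROP_NOLOG ports are never logged regardless of the
    other two settings.
    """
    if not drop_logging:
        return False
    if drop_onlyres and pkt.dport > RESERVED_MAX:
        return False
    if pkt.dport in nolog_ports:
        return False
    return True


def filter_logged(drops: list[DroppedPacket], drop_logging: int = 1,
                  drop_onlyres: int = 0,
                  nolog_spec: str = DEFAULT_DROP_NOLOG) -> list[DroppedPacket]:
    """Apply the logging policy to a batch of dropped packets."""
    nolog = parse_port_list(nolog_spec)
    return [p for p in drops
            if should_log_drop(p, drop_logging, drop_onlyres, nolog)]


# Constructed sample of dropped packets; not captured from a real host.
SAMPLE_DROPS = [
    DroppedPacket("TCP", 22),     # reserved, not in DROP_NOLOG -> logged
    DroppedPacket("TCP", 139),    # inside the 135:139 no-log range
    DroppedPacket("UDP", 53),     # reserved, logged
    DroppedPacket("TCP", 3306),   # unreserved: dropped by DROP_ONLYRES=1
    DroppedPacket("TCP", 8080),   # unreserved: dropped by DROP_ONLYRES=1
    DroppedPacket("UDP", 500),    # explicitly in DROP_NOLOG
]

if __name__ == "__main__":
    for onlyres in (0, 1):
        logged = filter_logged(SAMPLE_DROPS, drop_onlyres=onlyres)
        print(f"DROP_ONLYRES={onlyres}: {[p.dport for p in logged]}")
```

With the documented defaults (DROP_ONLYRES=0) the sample yields four logged drops; enabling DROP_ONLYRES cuts that to the two reserved-port packets, and DROP_NOLOG entries are excluded in both cases. Parsing the port list strictly matters because a typo such as "135-139" would otherwise be silently ignored and those ports would start appearing in syslog.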

PACKET_FILTER drop logging - DROP_PF_LOGGING
Log packets dropped by the packet filtering option PACKET_FILTER.
Default: 0 Range: 0-1

CONNLIMIT drop logging - CONNLIMIT_LOGGING
Log packets dropped by the Connection Limit Protection option CONNLIMIT. If this is enabled and Port Scan Tracking PS_INTERVAL is also enabled, IP addresses breaking the Connection Limit Protection will be blocked.
Default: 0 Range: 0-1

UDP flood logging - UDPFLOOD_LOGGING
Enable logging of UDP floods. This should be enabled, especially with User ID tracking enabled.
Default: 1 Range: 0-1

Watch mode logging - WATCH_MODE
Configure the firewall to watch IP addresses. This option should only be enabled while actively watching IP addresses as it adds overhead to packet traversal through iptables and syslog logging.
Default: 0 Range: 0-1
