Bug #16068
closed
Logging of packets with IP options cannot be disabled
Description
Logging of packets with options (IGMP) was added/fixed as mentioned in redmine 15400; however, that was closed without addressing the increased log messages that occur as a side effect.
While this may be intentional, it is confusing because the default ruleset causes it, but disabling the options "Log packets matched from the default block rules in the ruleset" and "Log packets matched from the default pass rules put in the ruleset" does not stop the log messages.
This fix/new behavior can create a lot of noise in the logs and cause increased disk writes, as discussed in this thread.
There is the document Troubleshooting Blocked Log Entries for Legitimate Connection Packets, but it is not intuitive or easy to locate when faced with this issue, especially because it is caused by the default behavior. This is a widespread issue, and having to manually add rules to stop IGMP packets from being logged is a workaround but not a solution.
I suggest adding a setting to not "Log packets with IP options" which either modifies the default ruleset or creates the necessary floating rules. This behavior should also be mentioned and linked on the Log Settings page.
Related issues
Updated by Marcos M about 2 months ago
- Status changed from New to Needs Patch
- Assignee deleted (Marcos M)
Unfortunately there doesn't seem to be a way to match only on the packets with IP options, hence the only way to prevent these from being logged by default would be to allow IP options in the default allow rules. For now the behavior can be noted in the log settings (edit: done for 25.03). There is also #15415. This issue can be reconsidered if there's a change upstream.
Updated by Marcos M about 1 month ago
- Related to Regression #15400: IGMP packets are logged when the filter rule has logging disabled added