Getting rid of “kernel:nf_ct_ftp” messages

by

in

Sometimes firewall drops nf_ct_ftp messages to console and disturbs the work during increased amount of traffic to FTP port.

Message from syslogd@web1 at Jan 27 12:28:40 ...
 kernel:nf_ct_ftp: dropping packetIN= OUT=eth0 SRC=94.23.15.229 DST=36.252.2.15 LEN=53 TOS=0x10 PREC=0x00 TTL=64 ID=62620 DF PROTO=TCP SPT=21 DPT=61868 SEQ=256869292 ACK=3387663834 WINDOW=14600 RES=0x00 ACK PSH FIN URGP=0

Message from syslogd@web1 at Jan 27 12:28:40 ...
 kernel:nf_ct_ftp: dropping packetIN= OUT=eth0 SRC=94.23.15.229 DST=36.252.2.15 LEN=53 TOS=0x10 PREC=0x00 TTL=64 ID=62621 DF PROTO=TCP SPT=21 DPT=61868 SEQ=256869292 ACK=3387663834 WINDOW=14600 RES=0x00 ACK PSH FIN URGP=0

Message from syslogd@web1 at Jan 27 12:28:41 ...
 kernel:nf_ct_ftp: dropping packetIN= OUT=eth0 SRC=94.23.15.229 DST=36.252.2.15 LEN=53 TOS=0x10 PREC=0x00 TTL=64 ID=13439 DF PROTO=TCP SPT=21 DPT=32394 SEQ=1981989941 ACK=3962951258 WINDOW=14600 RES=0x00 ACK PSH FIN URGP=0

Those messages may be redirected by creating a file /etc/rsyslog.d/iptables.conf with contents:

:msg, contains, "nf_ct_ftp:" -/var/log/messages
& ~

Then restart rsyslog daemon, and all those messages should be logged to /var/log/messages from now on:

service rsyslog restart

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.