On Sat, Nov 29, 2003 at 07:56:50PM -0800, Michael Mee wrote:
> > I have noticed that DNS queries on the WAN interface (sis2)
> > are showing up in my firewall log.
> I'm noticing this, plus DNS queries from the Wi0 interface to the internal
> DNS forwarder, e.g.:
> 19:45:08.466219 wi0 @0:15 B 10.0.0.160,1034 -> 10.0.0.1,53 PR udp len 20 70
> 19:45:09.462319 wi0 @0:15 B 10.0.0.160,1034 -> 10.0.0.1,53 PR udp len 20 70
> 19:45:10.462561 wi0 @0:15 B 10.0.0.160,1034 -> 10.0.0.1,53 PR udp len 20 70
> I just upgraded from pb18 to pb20, but it may have been there previously - I
> haven't checked the logs in quite a while! This is also on a Soekris 4521.
> Needless to say, it makes the firewall logs pretty useless because there's
> so much noise there (I have 3+ users at any given time) in the form of DNS
> Any ideas on how to turn this off?
If you didn't explicitly tell it either to pass or block DNS, those
packets will be blocked and logged by default. If you want to block but
not log, add an explicit rule to block DNS, and leave the log flag off
for that rule.