Multiple DROP_NEWNOTSYN in Firewall Logs

stimk · 15 February 2021 07:01

I have a relatively new installation of IPFire 2.25 (x86_64) - Core Update 153 and it is running fine (as far as I can tell)

I have changed nothing from standard other than adding Guardian & Intrusion Protection using Talos VRT rules

My Firewall logs are full of DROP_NEWNOTSYN messages (about 1 a minute)

MY Networking knowledge is rudimentary

This is the only information i I can find on what may be happening http://www.faqs.org/docs/iptables/newnotsyn.html.

I have only Red & Green zones

The Majority of messages come on green and the majority of those from a Bose Internet connected sound system. but others appear from other devices on green and on red from IP addresses apparently associated with social media companies.

I see that in the firewall options I can stop logging these messages

My questions are:

Should I be concerned about these messages?

or Should I just stop logging them so I can see any other messages more easily?

And is there a better resource I can use to read up on things like this without getting too bogged down in technicalities?

Thanks

EDIT - I just found the WIKI concerning Firewall Options / Logging which explains these messages well wiki.ipfire.org - Firewall Options

rjschilt · 15 February 2021 08:48

@stimk … I have logging of DROP_NEWNOTSYN packets disabled and it is my understanding that it’s safe to so.

I’m sure we will hear back from one of the more technically minded members otherwise.

Most of what you will need to come up to speed with IPfire is well documented in the Wiki.

And… welcome to IPFire !

stimk · 15 February 2021 09:10

Thanks Robert

Yes the Wiki keeps getting better as you drill into it. It can be a bit difficult at first to find what you need.

rjschilt · 15 February 2021 11:19

True, I’m still finding gems two years after I started using IPFire hehe

Other members will drop a wiki link here if you do have trouble finding what you are looking for.

jon · 15 February 2021 18:10

@stimk - I have DROP_NEWNOTSYN logging disabled also. Since this is just logging, it is safe to turn it off (or on!). The Firewall Options page is the right page to look at!

morpheus65535 · 19 February 2021 23:55

Hey guys, new IPFire user here. Although I have disabled “Log dropped new not SYN packets” in Firewall Options, I still have plenty of those in the firewall log. Anything I can do about it?

trish · 20 February 2021 00:17

Welcome to the pack Louis, unfortunately I am in the same boat
I still see a lot of them and don’t know any more.

rjschilt · 20 February 2021 04:43

Disabling the logging of “new not SYN packets” is working for me:

My firewall options:

My firewall log:

Maybe a stupid question… but you did restart the firewall after changing that logging option?

2021-02-20_15-40-33

RS

morpheus65535 · 20 February 2021 13:08

You got it, I didn’t saw the warning. After a reboot, it’s working as expected. Thanks for your help!

rjschilt · 20 February 2021 20:14

Good to hear.

Thanks for letting us know.

sphericalumbra · 22 February 2021 02:56

Adding this for those curious about TCP NEW not SYN packets
https://sourceforge.net/p/ipcop/mailman/message/17829350/