Multiple DROP_NEWNOTSYN in Firewall Logs

I have a relatively new installation of IPFire 2.25 (x86_64) - Core Update 153 and it is running fine (as far as I can tell)

I have changed nothing from standard other than adding Guardian & Intrusion Protection using Talos VRT rules

My Firewall logs are full of DROP_NEWNOTSYN messages (about 1 a minute)

MY Networking knowledge is rudimentary

This is the only information i I can find on what may be happening http://www.faqs.org/docs/iptables/newnotsyn.html.

I have only Red & Green zones

The Majority of messages come on green and the majority of those from a Bose Internet connected sound system. but others appear from other devices on green and on red from IP addresses apparently associated with social media companies.

I see that in the firewall options I can stop logging these messages

My questions are:

Should I be concerned about these messages?

or Should I just stop logging them so I can see any other messages more easily?

And is there a better resource I can use to read up on things like this without getting too bogged down in technicalities?

Thanks

EDIT - I just found the WIKI concerning Firewall Options / Logging which explains these messages well wiki.ipfire.org - Firewall Options

1 Like

@stimk … I have logging of DROP_NEWNOTSYN packets disabled and it is my understanding that it’s safe to so.

I’m sure we will hear back from one of the more technically minded members otherwise.

Most of what you will need to come up to speed with IPfire is well documented in the Wiki.

And… welcome to IPFire !

1 Like

Thanks Robert

Yes the Wiki keeps getting better as you drill into it. It can be a bit difficult at first to find what you need.

True, I’m still finding gems two years after I started using IPFire hehe

Other members will drop a wiki link here if you do have trouble finding what you are looking for.

@stimk - I have DROP_NEWNOTSYN logging disabled also. Since this is just logging, it is safe to turn it off (or on!). The Firewall Options page is the right page to look at!

Hey guys, new IPFire user here. Although I have disabled “Log dropped new not SYN packets” in Firewall Options, I still have plenty of those in the firewall log. Anything I can do about it?

Welcome to the pack Louis, unfortunately I am in the same boat
I still see a lot of them and don’t know any more.

1 Like

Disabling the logging of “new not SYN packets” is working for me:

My firewall options:

My firewall log:

Maybe a stupid question… but you did restart the firewall after changing that logging option?

2021-02-20_15-40-33

RS

3 Likes

You got it, I didn’t saw the warning. After a reboot, it’s working as expected. Thanks for your help!

1 Like

Good to hear.

Thanks for letting us know.

Adding this for those curious about TCP NEW not SYN packets :slight_smile:
https://sourceforge.net/p/ipcop/mailman/message/17829350/

1 Like