I am using UFW with a default logging policy of "low".
I would like to keep this logging on for the default deny action, but disable it for a particular IP address only. So I'd like to create one particular new rule that doesn't have logging.
Is there a way to achieve this?
I have a rather uncomplicated ufw setup so far, like this:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     LIMIT       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere (v6)
80/tcp                     ALLOW       Anywhere (v6)
443/tcp                    ALLOW       Anywhere (v6)
Found the answer right in the ufw manpage:
So even though the packets from this IP were being denied anyway, to prevent them showing in the logs I had to create an explicit deny rule specifically mentioning that IP address/port.
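
The approach in the answer above, as an added example that is not part of the original post: it reads `[UFW BLOCK]` log lines, counts blocked flows per source, and prints explicit deny rules (without the `log` keyword) for one chosen source. The log lines, IP addresses and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of kernel log lines in the format ufw writes for blocked packets.
sample_log() {
cat <<'EOF'
Jan  5 10:12:01 host kernel: [100.1] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 LEN=60 PROTO=TCP SPT=51234 DPT=8080 SYN URGP=0
Jan  5 10:12:04 host kernel: [103.2] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 LEN=60 PROTO=TCP SPT=51235 DPT=8080 SYN URGP=0
Jan  5 10:12:09 host kernel: [108.9] [UFW BLOCK] IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.10 LEN=44 PROTO=TCP SPT=40110 DPT=23 SYN URGP=0
Jan  5 10:12:11 host kernel: [110.0] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 LEN=71 PROTO=UDP SPT=5353 DPT=53 LEN=51
Jan  5 10:12:15 host kernel: [114.3] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 LEN=60 PROTO=TCP SPT=51236 DPT=8080 SYN URGP=0
Jan  5 10:12:20 host kernel: [119.7] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 LEN=84 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
Jan  5 10:12:21 host sshd[812]: Connection closed by 192.0.2.44 port 40111
EOF
}

# Print "count src proto dport" for every blocked flow, busiest first.
# Lines without a destination port (e.g. ICMP) are skipped.
blocked_flows() {
    awk '/\[UFW BLOCK\]/ {
        src = ""; proto = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)   src   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = tolower(substr($i, 7))
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        if (src != "" && dpt != "") n[src " " proto " " dpt]++
    }
    END { for (k in n) print n[k], k }' | sort -k1,1nr -k2
}

# Print one explicit deny rule per blocked flow from source IP $1.
# The rules carry no "log" keyword, so matching packets are dropped by the
# rule instead of falling through to the logged default deny policy.
quiet_deny_rules() {
    blocked_flows | awk -v ip="$1" '$2 == ip {
        printf "ufw deny proto %s from %s to any port %s\n", $3, $2, $4
    }'
}

# Demonstration on the constructed sample; this only prints the commands.
sample_log | quiet_deny_rules 203.0.113.7
```

The script never changes the firewall; review the printed commands and run them yourself. ufw evaluates rules in order, so a deny for a port that an earlier rule already matches (such as `22/tcp LIMIT` in the listing above) has to be placed ahead of it with `ufw insert`.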