Nixpkgs: Don't log network rejects to console on NixOS ISO

Created on 22 Oct 2016  路  5Comments  路  Source: NixOS/nixpkgs

Issue description

I'm maintaining a server which was on net for several years before, having loaded NixOS ISO for that. It's very difficult to work with terminal because I get interrupted every several seconds with rejected scanning attempts -- I need to write every command several times hoping that this time no reject would come while I type it and verify that everything is correct. It therefore introduces possibilities for typos (because often you don't see the full line you typed) and general frustration (disclosure: my current main concern ~_^).

rejects

Steps to reproduce

  1. Boot server from NixOS ISO;
  2. Spam it with TCP connections on closed ports from outside;

    Technical details

  • System: (NixOS: nixos-version, Ubuntu/Fedora: lsb_release -a, ...) NixOS pre17.03 09e4b78
blocker nixos user experience port to stable
Source
picture abbradar
👍7

Most helpful comment

On my NixOS install I use networking.firewall.logRefusedConnections = false in configuration.nix to squelch these from spamming constantly, perhaps that should be the default?

Sounds like the real issue is it's logging to your console, interrupting your workflow, which definitely should only be done for critical problems per suggestions by @jokogr.

picture dtzWill on 7 Nov 2016
👍2

All 5 comments

I tend walk to into our server room and rip out the Ethernet cords until I am done with the initial setup for that very reason :D

NeQuissimus picture NeQuissimus on 22 Oct 2016
😄1

I personally change boot.consoleLogLevel for my ISO images as seen at https://github.com/NixOS/nixpkgs/blob/56904d7c423f2b13b37fbd29f39bbb4b52bc7824/nixos/modules/installer/cd-dvd/iso-image.nix#L235, but I guess lowering it could hide more important system issues.

Edit: On the official ISO, sysctl -w kernel.printk="3 4 1 3" is enough to stop the spam... Source: http://superuser.com/questions/351387/how-to-stop-kernel-messages-from-flooding-my-console

jokogr picture jokogr on 31 Oct 2016

On my NixOS install I use networking.firewall.logRefusedConnections = false in configuration.nix to squelch these from spamming constantly, perhaps that should be the default?

Sounds like the real issue is it's logging to your console, interrupting your workflow, which definitely should only be done for critical problems per suggestions by @jokogr.

dtzWill picture dtzWill on 7 Nov 2016
👍2

Heh, my actions are logged as abbradar's (EDIT: support notified).

vcunat picture vcunat on 7 Nov 2016
😄1

GitHub seems to have fixed this fast!

vcunat picture vcunat on 7 Nov 2016
Was this page helpful?
0 / 5 - 0 ratings

Related issues

domenkozar picture domenkozar  路  3Comments
retrry picture retrry  路  3Comments
copumpkin picture copumpkin  路  3Comments
copumpkin picture copumpkin  路  3Comments
sid-kap picture sid-kap  路  3Comments