Console tty flooded with mysterious SFWZ output

I am plagued by some mysterious console output in either of the tty CTRL+ALT+F1-F6
When I go to a console tty these pops up regularly

SFWZ-INext-ACC IN=eth0 OUT= MAC= SRC=20.1.0.71 DST=239.255.255.258 LEN=122 TOS=0x00 PREC=0x00 TTL=1 ID=62116 DF PROTO=UDP
SFWZ-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:22:15:41:1c:83:e4… SRC=20.1.0.138 DST=20.1.0.71 LEN=286

No matter where I am in the console, writing a command, reading a file with less.
It makes it hard to write commands when these pop up in between.

I have just upgraded to Leap 15. I experienced this problem before also on Leap 42.3

I have no idea, but 239.255.255.258 and 20.1.0.71 are apparently IP addresses. Do you have any idea if you use them in your network or try to access them?

BTW both do not turn up a domain name when asked for in DNS.

It probably would be a good idea to disable SuSEfirewall2 and use the new firewalld instead. That’s actually the default (and only supported one) meanwhile, but it’s not switched automatically when upgrading to avoid nasty surprises.

As these messages come from SuSEfirewall2, this should get rid of them… :wink:

That the messages appear on the tty are the result of a too verbose kernel loglevel though, I think.
I remember some discussion about a similar problem on some mailinglist not too long ago, but would have to search it first.

It should also be possible to disable these log messages themselves in the SF2 configuration, but you’ll have to edit /etc/sysconfig/SuSEfirewall2 manually with a text editor (search for “LOG”) as the YaST module has been dropped.

I seem to remember that installing rsyslog would “hide” them.
I’m not completely sure though.

Actually, this command should hide them from the console, IIRC:

echo 1 > /proc/sys/kernel/printk


(but that will be “forgotten” when you reboot)
See also e.g. linux - How can I show a printk() message in a console? - Stack Overflow

AFAIR, having one particular package installed makes a difference that this defaults to 1 instead of a higher number. Or the other way round if you want, some package not installed causes it to be 4 (or was it even 7?) instead of 1 which results in a lot more kernel messages showing up on the console.
It is 1 here, and I do have rsyslog installed.

PS: “cat /proc/sys/kernel/printk” shows the current setting.

One way to change this on boot would be to add something like this to /etc/sysctl.conf (or create a new file with that content and some arbitrary name in /etc/sysctl.d/)

kernel.printk = 1 4 1 7

(values taken from my system here, I never knowingly changed them…)

See also https://superuser.com/questions/351387/how-to-stop-kernel-messages-from-flooding-my-console

Yes, it is indeed rsyslog, judging from this in its config file (/etc/rsyslog.conf):

# set log level 1 (same as in /etc/sysconfig/syslog).
$klogConsoleLogLevel    1

Actually, SUSE decided to again use rsyslog as default syslog in SLE (and Leap) 15 instead of a persistant systemd journal:
https://bugzilla.opensuse.org/show_bug.cgi?id=1097708

I.e. on a fresh installation, what you experience shouldn’t happen.

But if you started from openSUSE 13.2 or Leap 42.x and upgraded, you normally have systemd-logger installed (which replaced rsyslog as default in 13.2), and rsyslog probably won’t be installed automatically because they conflict.

That worked.

So upgrading to Leap 15 will fix the problem permanently.

Anyone know the reason for why they did that?

All they said in that bug report was: “it’s intended that you have rsyslog creating /var/log/messages”
Was there a problem with systemd? Wouldn’t this be like going backwards, while the rest goes forward?

So I actually have to make a clean install of Leap. I think the version I installed all those years ago was Leap 42.1 or 42.2.

The firewalld I have not heard of before.
Is it any better than SuSEFirewall?

  1. Better performance
  2. Better/Easier configuration
  3. Better security

So firewalld has “replaced” SuSEFirewall2 as default, but not used when upgrading from an older Leap? When did it become default. My install was Leap 42.1 og 42.2 for 3 years ago.

It was introduced in TW a few months back, and included in Leap 15 as well (although SuSEfirewall2 is still available if desired for any reason). This thread may be of interest to you
https://forums.opensuse.org/showthread.php/529169-yast2-firewall-launches-firewalld-GUI-since-most-recent-dup?p=2851860#post2851860
Also…
https://features.opensuse.org/318356