Normally, this wouldn’t be a concern. But I have a container in which I store firewall logs that is getting full way too fast because of this.
Is it possible to disable firewall logging for certain ip’s without adding the ip to the exceptions list? I know this may seem counterintuitive but this is a special exception.
Setup a dedicated iptable chain in /etc/sysconfig/scripts/SuSEfirewall-custom for all IPs you don’t want to log. You also might setup this dedicated chain for DNS ports only. But then NO DNS traffic will be logged. YOu also might setup a dedicated chain for DNS ports which will stop logging if the number of DNS requests reaches a defined threshold.