In my smaller environments I have logwatch enabled to send me a daily status email from the server. I find that the list of blocks by iptables on an Internet-connect host is very noisy.
--------------------- iptables firewall Begin ------------------------ Listed by source hosts: Dropped 4397 packets on interface eth0 From 1.93.55.131 - 1 packet to tcp(3306) From 1.93.55.159 - 1 packet to tcp(1322) From 1.229.35.65 - 1 packet to udp(23509) From 12.181.18.32 - 1 packet to tcp(5900) From 14.216.108.81 - 3 packets to tcp(23) From 23.94.244.79 - 2 packets to tcp(135) From 24.159.201.122 - 1 packet to udp(23509) From 37.59.42.95 - 1 packet to tcp(57966) From 42.96.133.172 - 1 packet to tcp(1433) From 46.239.121.16 - 1 packet to udp(123) From 49.89.193.183 - 1 packet to tcp(23) From 54.230.8.247 - 2 packets to tcp(10838) From 58.175.244.168 - 4 packets to tcp(80,8080)
To disable the check, I remove the logfile source of the iptables check.
echo "services/iptables: LogFile =" >> /etc/logwatch/conf/override.conf