No, you may not. :-) Hosts also need firewalling.

-Philip

John Novack wrote:
> May I assume this firewall module is not usable with boards that only
> have a single Ethernet port?
>
> John Novack
>
> Philip Prindeville wrote:
>> Darrick Hartman (lists) wrote:
>>> Michael Keuter wrote:
>>>>>>> -Philip
>>>>>>>
>>>>>> A problem in Astlinux is that before you can add an attacker to the
>>>>>> blocklist (when you see the attacks in real time), the "/var/"
>>>>>> partition will be full within 2-3 minutes just because of the growing
>>>>>> syslog :-(. And from that point in time you do not have any logs at
>>>>>> all. Is there a way that the rotated log can automatically be zipped?
>>>>>>
>>>>> You can set Arno's firewall not to log blocked attacks. That is an
>>>>> option.
>>>>>
>>>>> --
>>>>> Darrick Hartman
>>>>>
>>>> Hi Darrick,
>>>>
>>>> I know that, but when the attack starts (and you don't see the attack
>>>> live) you don't know the attacker's IP address. Then the log messages
>>>> are coming from Asterisk. And within 2-3 minutes /var/ is full by the
>>>> log messages of Asterisk (not by the firewall).
>>>>
>>> Two ways around that.
>>>
>>> 1). If you have enough system RAM, you can set the size of the var
>>> partition in the rc.conf file to a larger size.
>>>
>>> 2). Only allow SIP access from the IP addresses that you need to allow.
>>> Instead of having a wide-open port 5060, only accept SIP traffic from
>>> the IP addresses of your VoIP provider.
>>>
>>> Of course, if you're allowing anonymous calls into your Asterisk system,
>>> you can't do #2.
>>>
>>> Darrick
>>>
>> Michael:
>>
>> The outstanding news is that anyone can contribute to Arno's Iptables
>> Firewall, including you. :-)
>>
>> Seriously though, it shouldn't be too hard to take
>> /usr/share/arno-iptables-firewall/plugins/50ssh-brute-force-protection.plugin
>> (or whatever it's called) and tweak it to do the same sort of
>> rate-limiting with UDP traffic to port 5060 (or 5060-5064 or whatever).
>>
>> Try doing that... getting it working, and we can see about submitting it
>> to Arno as part of the user contributed list of plugins.
>>
>> He's very receptive. :-)
>>
>> -Philip

_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
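Philip's suggestion of rate-limiting UDP 5060 the way the SSH brute-force plugin does it, sketched below as an added example. This is not code from Arno's Iptables Firewall or from AstLinux; it uses the iptables "recent" match directly, and the SIP_* variable names, the SIP_BRUTE chain and the dry-run switch are this example's own assumptions. It also addresses the two practical points raised in the thread: trusted provider addresses (Darrick's option 2) bypass the limiter, and the LOG rule is itself rate-limited so the firewall log cannot fill /var.

```shell
#!/bin/sh
# Added example, not code from Arno's firewall or AstLinux: a SIP brute-force
# rate limiter for UDP 5060 built on the iptables "recent" match, the same
# mechanism commonly used for SSH. The SIP_* variables, the SIP_BRUTE chain
# and the DRY_RUN switch are this example's own assumptions.

SIP_PORTS="${SIP_PORTS:-5060}"                # single port or a range such as 5060:5064
SIP_BRUTE_HITS="${SIP_BRUTE_HITS:-10}"        # new flows per source before blocking
SIP_BRUTE_SECONDS="${SIP_BRUTE_SECONDS:-60}"  # window in which those flows are counted
SIP_TRUSTED="${SIP_TRUSTED:-}"                # space-separated provider IPs never limited
IPTABLES="${IPTABLES:-iptables}"
DRY_RUN="${DRY_RUN:-1}"                       # 1 = print the rules, 0 = apply them (as root)

run_ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$IPTABLES $*"
    else
        "$IPTABLES" "$@"
    fi
}

sip_brute_force_rules() {
    chain="SIP_BRUTE"
    run_ipt -N "$chain"

    # Trusted SIP peers (the VoIP provider, known trunks) skip the limiter;
    # otherwise a busy trunk would be counted as an attacker.
    for ip in $SIP_TRUSTED; do
        run_ipt -A "$chain" -s "$ip" -j RETURN
    done

    # Remember every source that reaches the chain.
    run_ipt -A "$chain" -m recent --name sipbf --set

    # Log at most 3 lines per minute so the log itself cannot fill /var,
    # which was the original complaint; --rcheck only reads the table.
    run_ipt -A "$chain" -m recent --name sipbf --rcheck \
        --seconds "$SIP_BRUTE_SECONDS" --hitcount "$SIP_BRUTE_HITS" \
        -m limit --limit 3/minute -j LOG --log-prefix "SIP-BRUTE: "

    # Drop sources over the threshold; --update refreshes the entry, so the
    # block lasts for as long as the attacker keeps sending.
    run_ipt -A "$chain" -m recent --name sipbf --update \
        --seconds "$SIP_BRUTE_SECONDS" --hitcount "$SIP_BRUTE_HITS" -j DROP

    run_ipt -A "$chain" -j RETURN

    # Only new UDP flows to the SIP port(s) are diverted into the chain;
    # everything else in INPUT is untouched.
    run_ipt -I INPUT -p udp --dport "$SIP_PORTS" -m state --state NEW -j "$chain"
}

# The default run prints the rules; review them, then apply with DRY_RUN=0.
sip_brute_force_rules
```

Two checks before applying it: the hitcount must not exceed the recent module's ip_pkt_list_tot parameter (20 by default, or the rule refuses to load), and the trusted-address bypass is essential if a provider or a busy trunk sends many REGISTER or INVITE requests from one address, since per-source counting cannot tell that traffic from a scanner. A plugin for Arno's firewall would need to follow the plugin framework's own conventions, which this stand-alone script does not reproduce.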