> > ipchains -A output -j DENY -s 0.0.0.0/0 -d 0.0.0.0/0 -l > > I'd suggest you have a look at the script and see if that's the case. Thanks, I've actually knocked off the script now and would like in some way to "reset" the logging to the way it was. The only thing I can see in the script (which is short) that pertains to logging anyithing (e.g. -l) is right at the bottom: # Allow any outgoing connections # $IPC -A output -j ACCEPT # # Just say no... # $IPC -A input -j REJECT -l # # Show settings # $IPC -L -n # Individual rules for the firewall are set up like this: # SSH - Secure shell access # $IPC -A input -p tcp -s 0/0 -d $OUTERNET 22 -j ACCEPT I tried adding a couple of lines to deal with ports 137 and 138, using the method detailed in a reply to a post about this particular firewall, but it did not work either! The following is with reference to Samba: >Subject: Re: [uk2raq] How do kill this from logcheck? > ...Any Hints on what you did to get rid of these (theyre driving me > crazy)??? 1) Switch firewall off & open the "firewall-on" config script: cd your_filewall_directory ./firewall-off pico -w firewall-on IN FIREWALL-ON, BELOW WHERE IT SAYS: # POP3 server # $IPC -A input -p tcp -s 0/0 -d $OUTERNET 110 -j ACCEPT # put # Deny Samba, added 20/4/2001 # $IPC -A input -p tcp -s 0/0 -d $OUTERNET 137:139 -j DENY $IPC -A input -p udp -s 0/0 -d $OUTERNET 137:139 -j DENY # leave the rest of the file unchanged. Save the alterations using "Control o" (o for orange), then restart firewall. ./firewall-on Check your messages file to see if the warnings have stopped: pico -w /var/log/messages LF Didn't "stop" for me! Thanks Dan _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
