From: Eric Frisch <[EMAIL PROTECTED]>
Date: 03 Mar 2003 09:10:32 -0500
Why not use gShield? The default policy is to drop everything except maybe ident. You just enable the services you need using a very well documented set of configuration files. You can add the odd custom rule yourself as well. The only place I have had trouble is that the default policy is to log the drop events for hosts you place in the blacklist; dropping hundreds of packets a second from a rogue site will overwhelm the RaQ with logging activity. You can do an sh -x on the gShield rc file to see all the rules generated if you want to sanity check the thing.
Thanks for pointing me to that, Eric. I was able to get gShield configured and running without too many problems (without locking myself out, even. (-: )
The only question I have now (and possibly more suited for Cobalt Users, but this is where we started) is that I'm getting a notice hourly from the cron daemon complaining that the log_traffic script can't find the tables it uses for its accounting. I had a look at the script and I know that's because the gShield script is overwriting those rules. How did you cope with this or did you just remove the hourly cronjob?
Thanks!
Michelle
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
