On Fri, Jul 12, 2002 at 12:39:07AM +0200, Brandon Friedman <[EMAIL PROTECTED]> wrote: > I also notice these lines: > accept udp 30 udp.dest=udp.netbios-ns > accept udp 30 udp.source=udp.netbios-ns > > > They indicate to bring up the interface for netbios requests? > > Why would you want that?
I don't see any reason why the link should go up on Netbios requests, since we will block them on the incoming packet filters. However, note the line above: ignore udp udp.source=udp.netbios-ns,udp.dest=udp.netbios-ns which will also have some effect. The next thing is to find out whether these are the cause of your link going up - just because they _could_ being the link up, it doesn't mean that they _are_. From your previous mail, you have machines fetching virus patterns externally and they will also cause the link to go up. That investigation, and the conclusions you reach, will depend on your telephone charging regime - there is no one answer. This would be a great devinfo project - a flexible set of diald filters which catered for the various phone charging regimes. If you have suggestions for improvements, please send them to [EMAIL PROTECTED] along with evidence that it is a problem (i.e. show the log entries which show the link up caused by packet type x). Gordon -- Gordon Rowell [EMAIL PROTECTED] Director, Engineering Network Server Solutions Group http://www.e-smith.com/ Mitel Networks Corporation http://www.mitel.com/ -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
