Cory Petkovsek wrote:
> On Wed, Sep 17, 2003 at 11:13:48AM -0700, Brad Davidson wrote:
>> #everything else is logged and then dropped
>> iptables -A sort -j LOG --log-level info
>> iptables -A sort -j DROP
> This has a similar problem as Bob's original script. Logging without
> limits.
Yes... He's still free to use the limiter on there as well if he doesn't
want to see all the log info. I was leaving that up to him if he felt it
necessary.

I'm not anticipating that anything I suggest be used literally - YMMV,
caveat emptor, batteries not included, etc. Change it as necessary for
your environment. If it's gonna bork your logs - by all means, limit it.
>> #jump to the sorting rule from input and forward.
>> #output isn't really worth worrying about IMHO - the
>> #unwanted hosts don't get in, so why would there
>> #be anything going back to them
>> iptables -A INPUT -j sort
>> iptables -A FORWARD -j sort
> I used to think so. Then our network got a worm from an infected laptop
> and the worm scanned for hosts outside of our network.
I didn't see any indication that this was a gateway server - he only
mentioned one ethernet interface, and the only NAT he was running was to
do transparent port redirection. If it's acting as a gateway then
outbound connections from this box (originating from systems inside the
protected network) are definitely an issue. But I'd take care of that
with rules on the internal interface, as opposed to killing the traffic
on the outbound chain - why wait until it's made it all the way through
the routing process to drop it?
_______________________________________________
EuG-LUG mailing list
[EMAIL PROTECTED]
http://mailman.efn.org/cgi-bin/listinfo/eug-lug
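The two points argued in the thread, a rate limit on the catch-all LOG rule and, for the gateway case, filtering LAN hosts on the internal interface instead of in OUTPUT, put together as a script. This is an added example, not Brad's or Bob's script from the list: the "sort" chain and the INPUT/FORWARD hooks follow the quoted lines, but the interface names (eth0 outside, eth1 inside), the LAN prefix 192.168.1.0/24, the limit values and the list of outbound ports LAN hosts may use are assumed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread: a "sort" chain whose catch-all LOG rule
# is rate-limited with the iptables "limit" match, hooked from INPUT and
# FORWARD as in the quoted script, plus the gateway case handled with rules on
# the internal interface rather than on OUTPUT. Interface names, LAN prefix,
# limit values and allowed ports are hypothetical placeholders.

IPT="${IPT:-iptables}"               # set IPT=echo to print rules instead of loading them
EXT_IF="${EXT_IF:-eth0}"             # assumed internet-facing interface
INT_IF="${INT_IF:-eth1}"             # assumed LAN-facing interface (gateway case only)
LAN_NET="${LAN_NET:-192.168.1.0/24}" # assumed LAN prefix behind INT_IF
LAN_OUT_PORTS="${LAN_OUT_PORTS:-22,53,80,443}" # assumed TCP services LAN hosts may reach

build_sort_chain() {
    # Create the user-defined chain, or flush it if it already exists, so the
    # script can be re-run without appending duplicate rules.
    $IPT -N sort 2>/dev/null || $IPT -F sort
    # Replies to connections this box initiated or accepted never reach LOG.
    $IPT -A sort -m state --state ESTABLISHED,RELATED -j ACCEPT
    # (ACCEPT rules for the services this host offers go here)
    # Everything else is logged, but at most 5 lines a minute after an initial
    # burst of 10. Packets over the limit do not match the LOG rule and simply
    # fall through to DROP, so a flood costs log lines, not security.
    $IPT -A sort -m limit --limit 5/min --limit-burst 10 \
        -j LOG --log-level info --log-prefix "sort-drop: "
    $IPT -A sort -j DROP
}

hook_sort_chain() {
    # Sort both locally delivered and routed traffic; OUTPUT is left alone.
    $IPT -A INPUT -j sort
    $IPT -A FORWARD -j sort
}

internal_if_rules() {
    # Gateway case: deal with misbehaving LAN hosts on the interface their
    # packets arrive on, before routing, instead of in OUTPUT afterwards.
    # A packet arriving from the LAN side with a non-LAN source is spoofed.
    $IPT -A FORWARD -i "$INT_IF" ! -s "$LAN_NET" -j DROP
    # LAN hosts may open connections to the outside only on the allowed ports...
    $IPT -A FORWARD -i "$INT_IF" -o "$EXT_IF" -s "$LAN_NET" \
        -p tcp -m multiport --dports "$LAN_OUT_PORTS" -j ACCEPT
    $IPT -A FORWARD -i "$INT_IF" -o "$EXT_IF" -s "$LAN_NET" -p udp --dport 53 -j ACCEPT
    # ...anything else, such as a worm scanning outward, is logged (limited) and dropped.
    $IPT -A FORWARD -i "$INT_IF" -o "$EXT_IF" -m limit --limit 5/min --limit-burst 10 \
        -j LOG --log-level info --log-prefix "lan-egress-drop: "
    $IPT -A FORWARD -i "$INT_IF" -o "$EXT_IF" -j DROP
}

apply_rules() {
    # Order matters: the internal-interface rules must precede the jump to
    # "sort" in FORWARD, or new LAN connections hit sort's catch-all first.
    build_sort_chain
    internal_if_rules   # omit on a single-interface host
    hook_sort_chain
}

render_rules() {
    # Print the rule set in load order without touching the kernel, for review.
    ( IPT=echo; apply_rules )
}

# APPLY=1 (as root) loads the rules; otherwise they are only printed.
if [ "${APPLY:-0}" = "1" ]; then apply_rules; else render_rules; fi
```

Run without arguments to see the rules that would be loaded, or with APPLY=1 as root to load them. The limit match applies only to the LOG rule; the DROP rule after it matches everything regardless, so nothing passes that would not have passed without the limiter. The internal-interface rules are appended to FORWARD before the jump to sort, which is why `apply_rules` calls them in that order.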