I've tried to set up silent rejection for the port 53 floods that I
experience so often w/ those x10 camera ads all over the place.  But it
doesn't seem to be working; they still show up in my logs (and in 3
logs no less) which is really unnecessary.  Below is the output from
ipchains --list, the /etc/dns_floods file and /etc/ipfilter.conf file. 
I've included the entire ipfilter.conf but all you *should* need is the
bit about 230 lines in:

# A function to configure the filters for routing
ipfilter_router_cfg () {
#
# set default policies
#
# ONLY DENY FORWARDING ETC IF YOU KNOW WHAT YOU ARE DOING!  If
# you turn off the filters, the box will become opaque to any traffic!
#
ipfilter_policy DENY

# Clear any garbage rules out of the filters
ipfilter_flush

# Block known IPs who do TCP port 53 floods
# Added to block list of IPs on 4/15/2001
IP_LIST="`cat /etc/dns_floods`"
for IP in $IP_LIST ; do
    $IPCH -I input -j DENY -p tcp -s $IP/32 -d $EXTERN_IP/32 53 -i $EXTERN_IF
done ; unset IP ; unset IP_LIST

That's what I added, with a bit before it to show where I put it in. 
This is an EigerStein2 box.

TIA


=====
  _________________________
 /                         \  Some great sites:
[  Tony Lieuallen           ] http://www.dilbert.com
[      [EMAIL PROTECTED]   ] http://www.borg.com/~rjgtoons/
[                           ] http://www.memepool.com
 \_________________________/  http://www.bottomquark.com/


_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-user
