[EMAIL PROTECTED] wrote:

> You put your rules under the "router" section.  Are you running this in
> "router" mode? or in "firewall" mode?
>

I agree with Jeff.  I have been running this script for two and a half months
... but it is in ipfilter_firewall_cfg ... not the router section.  Try it
this way in /etc/ipfilter.conf

# Added by Charles Steinkuehler to allow more flexible internal server setup
# A function to configure the filters for firewalling
ipfilter_firewall_cfg () {
    local ADDR
    local DEST
    local NET
    #
    # set default policies
    #
    # ONLY DENY FORWARDING ETC IF YOU KNOW WHAT YOU ARE DOING!  If
    # you turn off the filters, the box will become opaque to any traffic!
    #
    ipfilter_policy DENY

    # Clear any garbage rules out of the filters
    ipfilter_flush

    # Block known IPs who do TCP port 53 floods
    # Added to block list of IPs on 4/15/2001
    # /etc/dns_floods holds one source address per line.  Each address gets
    # a rule inserted (-I) at the head of the input chain, so it is checked
    # before anything appended later, denying TCP to port 53 on the external
    # interface.  IPCH, EXTERN_IP and EXTERN_IF are set earlier in
    # ipfilter.conf.
    IP_LIST="`cat /etc/dns_floods`"
    for IP in $IP_LIST ; do
        $IPCH -I input -j DENY -p tcp -s $IP/32 -d $EXTERN_IP/32 53 -i $EXTERN_IF
    done ; unset IP

    # ... the remaining firewall rules go here (not quoted in this message)
}


_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-user
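An added example (not code from the post, from Charles Steinkuehler, or from LEAF itself): a small POSIX sh script that reads a block list in the same one-address-per-line format as /etc/dns_floods and prints the ipchains DENY rules the post builds, as a dry run you can pipe into sh. It goes beyond the post's cat-into-for loop in two ways a practitioner would want: comment lines and trailing comments are skipped rather than turned into broken ipchains commands, and each entry is validated as a dotted-quad IPv4 address before a rule is emitted. The file path, the sample addresses (RFC 5737 documentation ranges), and the IPCH, EXTERN_IP and EXTERN_IF values are assumptions for illustration; on a LEAF box these come from ipfilter.conf.

```shell
#!/bin/sh
# Added example, not LEAF's own code.  Emits ipchains rules for a block list
# in /etc/dns_floods format, validating each entry first.

IPCH=/sbin/ipchains        # assumed path; LEAF sets $IPCH in ipfilter.conf
EXTERN_IP=192.0.2.10       # assumed external address (TEST-NET-1, constructed)
EXTERN_IF=eth0             # assumed external interface

# is_ipv4 ADDR: succeed only if ADDR is exactly four decimal octets, each 0-255.
is_ipv4() {
    local ip oct n
    ip=$1
    n=0
    while [ -n "$ip" ]; do
        oct=${ip%%.*}                               # text up to the first dot
        case "$oct" in ''|*[!0-9]*) return 1 ;; esac # empty or non-numeric octet
        [ "$oct" -le 255 ] || return 1
        n=$((n + 1))
        [ "$ip" = "$oct" ] && break                 # that was the last octet
        ip=${ip#*.}
        [ -n "$ip" ] || return 1                    # trailing dot
    done
    [ "$n" -eq 4 ]
}

# dns_flood_rules FILE: print one ipchains command per valid address in FILE.
# Blank lines and lines starting with '#' are skipped; anything after the
# address on a line is ignored (so trailing comments are allowed).
# Returns 1 if any entry was rejected, 0 otherwise.  Nothing is executed:
# pipe the output into sh to apply it.
dns_flood_rules() {
    local ip rest rc
    rc=0
    while read -r ip rest; do
        case "$ip" in ''|'#'*) continue ;; esac
        if is_ipv4 "$ip"; then
            # -I puts the rule at the head of the input chain, ahead of any
            # ACCEPT rules appended later, exactly as in the post.
            echo "$IPCH -I input -j DENY -p tcp -s $ip/32 -d $EXTERN_IP/32 53 -i $EXTERN_IF"
        else
            echo "dns_flood_rules: skipping malformed entry: $ip" >&2
            rc=1
        fi
    done < "$1"
    return $rc
}

# Constructed sample block list (not real attacker addresses).
SAMPLE=${TMPDIR:-/tmp}/dns_floods.sample.$$
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# sources seen flooding TCP/53 (constructed sample)
198.51.100.7

203.0.113.42   # noted 4/15
999.1.1.1
not-an-ip
EOF

dns_flood_rules "$SAMPLE" || echo "dns_flood_rules: some entries were skipped" >&2
```

With the sample above the script prints two DENY rules and reports the two malformed entries on stderr; the original loop would instead have handed the comment words and the bad entries to ipchains as if they were addresses.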
