Kevin wrote:
> I updated my /etc/ipfilter.conf file for the DNS flood script protection as
> follows:
>
> # Added by Charles Steinkuehler to allow more flexible internal server setup
> # A function to configure the filters for firewalling
> ipfilter_firewall_cfg () {
> local ADDR
> local DEST
> local NET
>
> #
> # set default policies
> #
> # ONLY DENY FORWARDING ETC IF YOU KNOW WHAT YOU ARE DOING! If
> # you turn off the filters, the box will become opaque to any traffic!
> #
> ipfilter_policy DENY
>
> # Clear any garbage rules out of the filters
> ipfilter_flush
>
> # Block known IPs who do TCP port 53 floods
> # Added to block list of IPs on 7/7/01
> IP_LIST="`cat /etc/dns_floods`"
> for IP in $IP_LIST; do
> $IPCH -I input -j DENY -p tcp -s $IP/32 -d $EXTERN_IP/32 53 -i $EXTERN_IF
> done; unset IP
>
> I have the dns_flood file built. After I edited the ipfilter.conf file and
> dns_flood file, I saved the files, went to the # prompt and issued
>
> amberton: -root-
> # svi network ipfilter flush
>
> then
>
> amberton: -root-
> # svi network ipfilter reload
>
> The script runs and blocks those DNS floods in my log file. I then backed up
> everything on the lrp and was fine. 5 days later I had to reboot and the
> script did not block the DNS flood. I had to issue the flush and reload
> command for it to block the floods.
>
> Is this correct or should this load on boot?
You have to back up etc for the changes in /etc/ipfilter.conf and the new
file /etc/dns_floods to survive a reboot. Check with:
# cat /etc/dns_floods
# grep dns_floods /etc/ipfilter.conf
If they are not there, then you may have backed up everything except etc.
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-user
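As an added example (not Kevin's configuration or the LRP ipfilter script itself), here is a shell fragment that builds the same DENY rules from the list file, but validates each entry and only prints the resulting commands, so a stray comment or typo in /etc/dns_floods cannot feed garbage to ipchains. IPCH, EXTERN_IP and EXTERN_IF are assumed to be the variables from the quoted ipfilter.conf; the sample addresses and interface name are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Builds ipchains DENY rules from a
# block-list file while skipping blank lines/comments and rejecting anything
# that is not a dotted-quad IPv4 address. IPCH, EXTERN_IP, EXTERN_IF assumed
# to be set by ipfilter.conf as in the quoted snippet.

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in
            ''|*[!0-9]*) return 1 ;;   # empty or non-numeric octet
        esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Print one ipchains command per valid address in list file $1.
# Invalid entries go to stderr and are skipped; nothing is executed, so the
# output can be reviewed before being run or spliced into ipfilter.conf.
dns_flood_rules() {
    while IFS= read -r line || [ -n "$line" ]; do
        ip=${line%%#*}                              # drop trailing comment
        ip=$(printf '%s' "$ip" | tr -d ' \t')       # drop whitespace
        [ -n "$ip" ] || continue
        if is_ipv4 "$ip"; then
            printf '%s -I input -j DENY -p tcp -s %s/32 -d %s/32 53 -i %s\n' \
                "$IPCH" "$ip" "$EXTERN_IP" "$EXTERN_IF"
        else
            printf 'dns_floods: skipping invalid entry "%s"\n' "$line" >&2
        fi
    done < "$1"
}

# Demo with a constructed block list (placeholder addresses and interface).
IPCH=ipchains EXTERN_IP=203.0.113.10 EXTERN_IF=eth0
demo_list=$(mktemp)
printf '# constructed sample list\n198.51.100.7\n198.51.100.300\n192.0.2.0.1\n\n198.51.100.9 # noted 7/7/01\n' > "$demo_list"
dns_flood_rules "$demo_list"
rm -f "$demo_list"
```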