Jeff:
I am also having problems with a very long list of denied packets on my LRP. I am using Eigerstein2beta pppoe beta v.0.4 from Kenneth Hadley. I am still fairly new to Linux and LRP. Which file would I put these rules in, or where are the input chains? I am not running any web server, just a home computer.
Thank you
Robert Chambers

Jeff Clark wrote:
There are a number of things you can do here.

First of all, these freakin IIS worms will continue to drive you and the
rest of us nuts, so, if you are not running a web server in your network
insert the following rules into your input chain to silently deny these
probes without logging them:

ipchains -I input -j DENY -p tcp -d 0/0 80 -i eth0
ipchains -I input -j DENY -p udp -d 0/0 80 -i eth0

Note there is no -l option therefore these rules will not log - saves on
your logs filling up with useless garbage. If the ramdisk fills up, the
router will die. I found this out the hard way a long time ago - consider
moving /var/log to a second ramdisk - replacing your log.lrp with ramlog.lrp
from dachstein is not too difficult.

Secondly, the weblet package is configurable - set the thresholds higher
for firewall warnings and errors in /etc/weblet.conf. They are by default
set to trip at 5 and 50 deny/reject packets, respectively.

----- Original Message -----
From: "Jeff Newmiller" <[EMAIL PROTECTED]>
To: "Cam Bremner" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Sunday, September 23, 2001 10:41 PM
Subject: Re: [Leaf-user] need help w/ LRP FW rules and Logging ?


On Sun, 23 Sep 2001, Cam Bremner wrote:

Hello,

I am using the Eigerstein2Beta image to share my cable modem using
DHCP. It's all working wonderfully, but I'm wondering how to
configure either the firewall rules or the log thresholds, whichever
is more appropriate for my situation. The status page is showing a
firewall error in a big scary red box, and the logs are full of the
following:

1) what exactly is this ?
Attempts to connect to port 80 on your external interface.

Most likely from NIMDA, and yours is among the millions of ip addresses
being pounded on these days in this fashion. It is unlikely that anyone
is singling you out.

2) how can I make it not freak out if this is normal ?
The webpage? someone else will have to answer that.

3) when the logs get big, what happens ? are they purged ? does the
router run out of memory and die ?
There are settings that determine the log rotation schedule
(/etc/lrp.conf, I think). Most are set to rotate once per day. The
rotation shifts the logs in /var/log to .0, then to .1.gz, then .2.gz, and
finally 3.gz, and then are deleted. So you get four days of logs, but you
have to zcat|more the older ones to look at them.

If you get hit hard enough, your ramdisk may fill up. This may impair the
routing function somewhat, though the most noticeable effect will probably
be that your web page probably won't appear, and you may not be able
to log in.

[...]

---------------------------------------------------------------------------
Jeff Newmiller                        The     .....       .....  Go Live...
DCN:<[EMAIL PROTECTED]>               Basics: ##.#.       ##.#.  Live Go...
                                      Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/Batteries            O.O#.       #.O#.  with
/Software/Embedded Controllers)               .OO#.       .OO#.  rocks...2k
---------------------------------------------------------------------------

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
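
Added example, not part of the thread above: a shell tally of ipchains deny/reject log lines by protocol and destination port, to confirm that port-80 probes dominate the log and to see what would still be logged once the two non-logging DENY rules are in place. It assumes a POSIX sh with awk and sort and the ipchains "Packet log:" kernel log line format; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): tally ipchains deny/reject log lines
# by protocol and destination port.

# Constructed sample in the ipchains "Packet log:" kernel log format.
sample_log() {
cat <<'EOF'
Sep 23 22:10:01 router kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.5:3412 192.0.2.10:80 L=48 S=0x00 I=4101 F=0x4000 T=112 SYN (#15)
Sep 23 22:10:04 router kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.5:3412 192.0.2.10:80 L=48 S=0x00 I=4102 F=0x4000 T=112 SYN (#15)
Sep 23 22:11:30 router kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.7:1290 192.0.2.10:80 L=48 S=0x00 I=771 F=0x4000 T=109 SYN (#15)
Sep 23 22:12:02 router kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.23:4500 192.0.2.10:80 L=48 S=0x00 I=9020 F=0x4000 T=115 SYN (#15)
Sep 23 22:12:05 router kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.23:4500 192.0.2.10:80 L=48 S=0x00 I=9021 F=0x4000 T=115 SYN (#15)
Sep 23 22:13:47 router kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.77:2044 192.0.2.10:80 L=48 S=0x00 I=310 F=0x4000 T=111 SYN (#15)
Sep 23 22:14:10 router kernel: Packet log: input DENY eth0 PROTO=17 192.0.2.33:137 192.0.2.255:137 L=78 S=0x00 I=5512 F=0x0000 T=128 (#15)
Sep 23 22:15:55 router kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.9:1888 192.0.2.10:21 L=60 S=0x00 I=62 F=0x4000 T=52 SYN (#15)
Sep 23 22:20:00 router -- MARK --
EOF
}

# Read a log on stdin; print "count proto/dport" per line, busiest first.
deny_by_port() {
    awk '/Packet log: input (DENY|REJECT)/ {
        for (i = 1; i <= NF; i++) {
            if ($i !~ /^PROTO=/) continue
            proto = substr($i, 7)
            if (proto == "6") proto = "tcp"
            else if (proto == "17") proto = "udp"
            # PROTO= is followed by source ip:port, then destination ip:port
            n = split($(i + 2), dst, ":")
            count[proto "/" dst[n]]++
            break
        }
    }
    END { for (k in count) print count[k], k }' | sort -k1,1nr -k2,2
}

# Logged denies that remain once tcp/80 and udp/80 are denied without -l.
remaining_after_silencing_80() {
    deny_by_port |
        awk '$2 != "tcp/80" && $2 != "udp/80" { n += $1 } END { print n + 0 }'
}

sample_log | deny_by_port
echo "still logged after silencing port 80: $(sample_log | remaining_after_silencing_80)"
```

On a router, feed the kernel log to `deny_by_port` on stdin instead of `sample_log`; the remaining count is the figure to compare against the weblet thresholds mentioned above.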


