Charles, thank you!

Charles Steinkuehler wrote:
> 
> > kernel: Packet log: input DENY wan PROTO=88 x.y.z.158:65535
> > 224.0.0.10:65535 L=60 S=0xC0 I=0 F=0x0000 T=2 (#39)
> >
> > Yes, we know that protocol 88 is EIGRP.
> >
> > No, Ethernet <http://www.echogent.com/cgi-bin/fwlog.pl> does not
> > recognize this.
> >
> > [1] Does this represent a problem?  Or, is this a candidate for Silent
> > Deny?
> 
> Not a problem, unless you feel compelled to get a Cisco or other advanced
> router running so you can start swapping routing info with your ISP...of
> course they probably won't listen to you anyway (unless they don't know how
> to properly configure their router).
> 
> Ideal candidate for the bit-bucket.
> 
> > [2] Dachstein Silent Deny handles *only* icmp, tcp and udp.  What is the
> > best way to Silent Deny these?
> 
> Um...not exactly.  IPChains (and hence most of the network.conf settings)
> only knows about icmp, tcp, and udp by NAME, but you can stick in arbitrary
> protocols if you want.  From Dachstein network.conf:
> 
> # Traffic to completely ignore...define here to prevent filling your logs
> # Space seperated list: protocol_srcip/mask_dstport
> #SILENT_DENY="udp_207.235.84.1_route udp_207.235.84.0/24_37"
> 
> So you want something like:
> SILENT_DENY="88_x.y.z.158"

Of course, you know that I tried:

        SILENT_DENY="88_x.y.z.158_65535"

which did *NOT* work -- and, I blindly assumed that SILENT_DENY could
not work for this scenario ;>

Again, the laugh is on me!

Anyway, yes, your solution works perfectly -- thank you !!!

> <humor>Must be one of those new ipv6 addresses...is that base64
> encoding?</humor>
> 
> Note the missing third field (port number), which only makes sense with
> icmp/tcp/udp.  Leaving this blank prevents the error you would get trying to
> specify a port with a custom protocol.
> 
> Not really obvious, but it should work...
> Maybe I should make the comment something like:
> # Space separated list: protocol_srcip/mask[_dstport]

It would have saved me a post ;>

Nevertheless, it is good that this scenario is now in the archives . . .

-- 

Best Regards,

mds
mds resource
888.250.3987

Dare to fix things before they break . . .

Our capacity for understanding is inversely proportional to how much we
think we know.  The more I know, the more I know I don't know . . .

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
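As an added illustration of the SILENT_DENY syntax discussed in this thread (protocol_srcip/mask[_dstport], with the port field allowed only for icmp/tcp/udp), here is a small POSIX shell parser that turns each entry into the ipchains rule it would correspond to and rejects entries that put a port on a numeric protocol. This is example code written for this post, not the Dachstein network.conf or its rc scripts; the exact rule form Dachstein generates, the interface name `wan`, and the sample list are assumptions.

```shell
#!/bin/sh
# Example SILENT_DENY parser (not Dachstein's own code). Each entry has the
# form protocol_srcip/mask[_dstport]; the third field is only meaningful for
# icmp, tcp and udp, which ipchains knows by name. x.y.z.158 is kept as the
# placeholder address used in the thread; the list itself is constructed.
SILENT_DENY="udp_207.235.84.1_route udp_207.235.84.0/24_37 88_x.y.z.158"

# Print the ipchains rule for one entry. Returns 1 for a malformed entry,
# including a port on a protocol other than icmp/tcp/udp. The rule shape
# (input chain, -j DENY) is an assumption about what Dachstein would emit.
silent_deny_rule() {
    entry="$1"
    iface="${2:-eth0}"   # assumed external interface name
    proto=$(printf '%s' "$entry" | cut -d_ -f1)
    src=$(printf '%s' "$entry" | cut -d_ -f2)
    port=$(printf '%s' "$entry" | cut -d_ -f3)
    extra=$(printf '%s' "$entry" | cut -d_ -f4)
    [ -n "$proto" ] && [ -n "$src" ] && [ -z "$extra" ] || return 1
    case "$proto" in
        icmp|tcp|udp)
            # Named protocols may carry a destination port (or ICMP type).
            if [ -n "$port" ]; then
                printf 'ipchains -A input -i %s -p %s -s %s -d 0/0 %s -j DENY\n' \
                    "$iface" "$proto" "$src" "$port"
            else
                printf 'ipchains -A input -i %s -p %s -s %s -j DENY\n' \
                    "$iface" "$proto" "$src"
            fi
            ;;
        *)
            # Numeric protocols (e.g. 88 for EIGRP) have no port field;
            # "88_x.y.z.158_65535" is therefore rejected here, as in the thread.
            [ -z "$port" ] || return 1
            printf 'ipchains -A input -i %s -p %s -s %s -j DENY\n' \
                "$iface" "$proto" "$src"
            ;;
    esac
}

# Emit rules for a whole SILENT_DENY list, reporting malformed entries on
# stderr. The return value is the number of bad entries, so 0 means clean.
silent_deny_rules() {
    list="$1"
    iface="$2"
    bad=0
    for e in $list; do
        silent_deny_rule "$e" "$iface" || {
            echo "bad SILENT_DENY entry: $e" >&2
            bad=$((bad + 1))
        }
    done
    return $bad
}

# Usage: print the rules the sample list would produce on interface wan.
silent_deny_rules "$SILENT_DENY" wan
```

Running it shows three rules for the sample list; adding `88_x.y.z.158_65535` to the list produces a warning instead of a rule, which is the failure the original post hit before dropping the port field.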
