> I get a lot of denys for windows machines on ports 137 and 138 (netbios) I > realise that the default Dachstein denies these, but it doesn't appear to > have a -l option in the config, so I'm a bit surprised they're in my logs. > Anyone else seen that? Also, what are these windows machines trying to do, > and can they be reconfigured to not do it?
Take a close look at your logs...sounds like you might be on a cable-mode (or other shared-network setup). The denied packets are probably being generated by one of your 'neighbors', and are coming in your external interface, otherwise they wouldn't be getting logged... > Also, if I want to specify source ports for incoming traffic, do I have to > hard code that in the filter file? Probably, although you don't mention what you're trying to specify source ports for. If you need to make custom rules, that's what the ipchains.input, ipchains.output, and ipchains.forward files are for in /etc. > Also, is it possible to extract the lrp files into a normal directory > structure from floppy on a running linux system? Yes...simply cd to the directory you want the package extracted to, and run: zcat </path/to/package.lrp> | tar -x Or any one of the several equivelant methods to un-tar-gz a file... > Finally, as a constructive suggestion, does anyone think it would be useful > if all ipchains rules where built up in one place in the config, and it was > all done in a more 'tabular' fashion, so that rules could be added easily, > and options such as logging for some of the defaults could be easily > switched off. Probably, but it would take a lot of work. Are you volunteering? Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
