Thanks for the reply.

>
> Take a close look at your logs...sounds like you might be on a cable-modem
> (or other shared-network setup). The denied packets are probably being
> generated by one of your 'neighbors', and are coming in your external
> interface, otherwise they wouldn't be getting logged...
>

I am on a shared network of Windows machines. The denied packets come from various machines; source and destination are both internal. If these shouldn't be logged, then I need to have a very close look at the ipchains generated.

> > Also, if I want to specify source ports for incoming traffic, do I have to
> > hard code that in the filter file?
>
> Probably, although you don't mention what you're trying to specify source
> ports for. If you need to make custom rules, that's what the
> ipchains.input, ipchains.output, and ipchains.forward files are for in /etc.

I want local users to be able to ssh into external machines, and (being fairly pedantic about firewalls) I only want to specify port 22 for external machines. If I edit those files, how do they relate to the config files (No 2 on the network config menu)?

> zcat </path/to/package.lrp> | tar -x

Thanks, that worked fine.

> > Finally, as a constructive suggestion, does anyone think it would be useful
> > if all ipchains rules were built up in one place in the config, and it was
> > all done in a more 'tabular' fashion, so that rules could be added easily,
> > and options such as logging for some of the defaults could be easily
> > switched off.
>
> Probably, but it would take a lot of work. Are you volunteering?

Unfortunately I don't think I've got the time at the moment. I might have in a few months though.

Thanks for a great product by the way.

regards
Dave

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user