Vintage wrote:
>
> Michael - many thanks for the help - that did the trick. Just one question,
> is there any danger to having these two rules at the top of my firewall
> rules list? (See bottom of my note for output of "ipchains -nvL"

Actually, this is desirable. Look at it this way, ipchains are a set of sieves stacked one above the other. Packets enter the `chain' and drop through the sieves; and, those that come out the other end are those that you want inside your network. The main issue here is building an exhaustive list of packet characteristics the likes of which you do *not* want to see in your network. Once you know this, then you build your chains and go on with life. Fortunately for us, Charles has constructed a very favorable set of chains and stacked sieves.

For sake of efficiency (read cpu cycles), it is best to eliminate packet types in decreasing order of their frequency/volume -- in that way, these high volume pests are eliminated by using the fewest possible cpu cycles. Bear in mind, it is not always possible, nor practical, to build it this way, and the more general set comes default in dcd.

[ snip ]

> Output of "ipchains -nvL" (also, I am not sure why I am blocking 66.26.39.63
> or how that rule got there, but not a big deal...):

[ snip ]

>     0     0 DENY       all  ----l- 0xFF 0x00  eth0
> 192.168.1.0/24       0.0.0.0/0             n/a
>     0     0 DENY       all  ----l- 0xFF 0x00  eth0
> 66.26.39.63          0.0.0.0/0             n/a
>     0     0 REJECT     all  ----l- 0xFF 0x00  eth0
> 0.0.0.0/0            127.0.0.0/8           n/a

[ snip ]

I do not know where this comes from; but, you probably should figure that out; unless, of course, you will never be interested in what rdu26-39-063.nc.rr.com has to say ;>

Sequence of that rule makes me wonder whether or not somebody has diddled with your /etc/ipfilter.conf file . . .

hth

--
Best Regards,

mds
mds resource
888.250.3987

Dare to fix things before they break . . .

Our capacity for understanding is inversely proportional to how much we think we know. The more I know, the more I know I don't know . . .
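Added example (not part of the original message, and not LEAF or ipchains code): a small Python model of the first-match "stacked sieves" evaluation described in the reply, counting how many rule tests the same traffic costs under two orderings of the three rules from the quoted listing. The traffic mix, the catch-all ACCEPT rule and the function names are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# (target, source network, destination network), taken from the quoted listing
DENY_PRIVATE = ("DENY", ip_network("192.168.1.0/24"), ip_network("0.0.0.0/0"))
DENY_HOST = ("DENY", ip_network("66.26.39.63/32"), ip_network("0.0.0.0/0"))
REJECT_LOOP = ("REJECT", ip_network("0.0.0.0/0"), ip_network("127.0.0.0/8"))
# Constructed catch-all so the toy chain always reaches a verdict (assumption)
ACCEPT_REST = ("ACCEPT", ip_network("0.0.0.0/0"), ip_network("0.0.0.0/0"))


def evaluate(chain, src, dst):
    """Return (target, rules_tested) for the first rule that matches."""
    src, dst = ip_address(src), ip_address(dst)
    for tested, (target, src_net, dst_net) in enumerate(chain, start=1):
        if src in src_net and dst in dst_net:
            return target, tested
    return "POLICY", len(chain)


def run(chain, traffic):
    """Return (verdicts, total rule tests) over a list of (src, dst, count)."""
    verdicts, cost = [], 0
    for src, dst, count in traffic:
        target, tested = evaluate(chain, src, dst)
        verdicts.append(target)
        cost += tested * count
    return verdicts, cost


# Constructed traffic mix: (source, destination, packets seen)
TRAFFIC = [
    ("192.168.1.77", "203.0.113.10", 900),  # spoofed private source, high volume
    ("66.26.39.63", "203.0.113.10", 5),     # the single blocked host
    ("198.51.100.4", "127.0.0.1", 15),      # loopback destination from outside
    ("198.51.100.9", "203.0.113.10", 80),   # ordinary traffic
]

FREQUENT_FIRST = [DENY_PRIVATE, REJECT_LOOP, DENY_HOST, ACCEPT_REST]
FREQUENT_LAST = [DENY_HOST, REJECT_LOOP, DENY_PRIVATE, ACCEPT_REST]

if __name__ == "__main__":
    for name, chain in (("frequent first", FREQUENT_FIRST), ("frequent last", FREQUENT_LAST)):
        verdicts, cost = run(chain, TRAFFIC)
        print(f"{name:15} verdicts={verdicts} rule tests={cost}")
```

Both orderings give identical verdicts because the three block rules never match the same packet; reordering is only safe under that condition, and the catch-all has to stay last.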
------------------------------------------------------------------------
leaf-user mailing list: https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html