-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Charles Steinkuehler wrote:
| I'm migrating to a cable-modem internet connection, and am getting all the
| external junk that goes along with the 'shared' nature of this type of link.
|
| I'd like to drop a bunch of junk that's currently getting logged, but am not
| sure the best way to do this with shorewall. The packets giving me problems
| have random (assigned by my not-so-net-savvy 'neighbors') source
| addresses, and broadcast destination addresses (i.e. windows DHCP broadcasts
| for internal LANs that get sent out the external interface):
|
| Nov 11 20:39:23 morpheus kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT=
| MAC=ff:ff:ff:ff:ff:ff:00:50:57:01:3f:a1:08:00 SRC=10.255.96.1
| DST=255.255.255.255 LEN=328 TOS=0x06 PREC=0x00 TTL=16 ID=0 PROTO=UDP SPT=67
| DPT=68 LEN=308
|
| <and more like this with different source IP/MAC>
|
| I figure there's a graceful way to drop this stuff in shorewall, I'm just
| not seeing it. I'd put it in the blacklist file, but that filters by source
| IP, which is subject to change.
|
| I really want to be able to filter by protocol, source and/or dest port, and
| destination IP, before the traffic hits the rfc1918 rule which is causing the
| logging (I still want to log *OTHER* rfc1918 traffic that shows up at my
| external interface, just drop the DHCP replies).
|
| What's the "right" way to do this in shorewall?

Never mind... after testing some blacklist rules (and some sleep!), I noticed
the port specifications in the blacklist file are destination ports, so I can
block the above traffic by port (and wildcard 0/0 source address).
- --
Charles Steinkuehler
[EMAIL PROTECTED]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFDdedELywbqEHdNFwRAromAJ9ldv5G6Z3M8IVUyrcHhLX9VET6nQCghaoT
+p0Sg9prQYs/FyJym3c7f/Q=
=Bbw+
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
leaf-user mailing list: [email protected]
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
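The configuration the message points to, written out as an added example (it is not part of the original post, and not a file Charles posted). It reproduces the blacklist entry he describes: the logged packet is UDP with SPT=67 and DPT=68, and since the blacklist PORT column matches the destination port, the entry is "udp 68" with a wildcard source. The column layouts follow the Shorewall 2.x files of the period; the interface line, the `blacklist` and `norfc1918` options, and the two shorewall.conf settings are assumptions about a setup like the one described, not something the message states:

```text
# /etc/shorewall/interfaces  (assumed: eth0 is the external 'net' interface)
# The blacklist file is only consulted for interfaces that carry the
# 'blacklist' option; 'norfc1918' is what produces the rfc1918 log lines.
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect      norfc1918,blacklist

# /etc/shorewall/blacklist
# PORT is the DESTINATION port of the packet. The logged packet was
#   SRC=10.255.96.1 DST=255.255.255.255 PROTO=UDP SPT=67 DPT=68
# i.e. a DHCP server reply leaking from a neighbour's LAN, so match udp
# with destination port 68 from any source (the 0/0 wildcard from the post).
#ADDRESS/SUBNET   PROTOCOL   PORT
0.0.0.0/0         udp        68

# Tighter alternative (commented out): silence only replies whose source is
# a private range. If eth0 itself gets its address by DHCP, a blanket drop of
# dport 68 would also swallow a genuine DHCPOFFER/ACK from the provider's
# server, and with the wildcard entry that drop would no longer be logged.
#10.0.0.0/8       udp        68
#172.16.0.0/12    udp        68
#192.168.0.0/16   udp        68

# /etc/shorewall/shorewall.conf  (assumed defaults to check)
# DROP without a log level means blacklisted packets are discarded silently,
# which is the point of the exercise; other rfc1918 hits are still logged.
BLACKLIST_DISPOSITION=DROP
BLACKLIST_LOGLEVEL=
```

Before switching the wildcard entry on, check where the host's own DHCP lease comes from (the server address in the lease file): if the provider's DHCP server answers from a 10.x address, the tighter per-range variant would drop it too, and the wildcard entry is the only safe choice if the host is not a DHCP client on eth0 at all.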
