On Tuesday 20 December 2005 09:48, Tom Eastep wrote:
> On Tuesday 20 December 2005 09:29, Timothy J. Massey wrote:
> > It adds 2 more logging lines, but it only affects the logging rules for
> > the 3 ports we're interested in, rather than the 65,000 or so that we're
> > not. Am I missing something?
>
> Yes -- why in the world would you send traffic for the other 65,000 through
> this action in the first place? The intent of the original code on the web
> site is that we log accepted SSH traffic with a disposition of ACCEPT while
> we log the knocks and disables with a disposition of DROP (which is
> actually what happens). It is assumed that only traffic destined for *those
> three ports* will ever go through the chain.

Doh -- can't count this morning; should have been "those four ports".

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
