On Sun, 11 Nov 2001, Bill Day wrote:

> Currently cheating  8^)  Am running PMFirewall for IPChains firewall.

Not really cheating: PMFirewall does a pretty decent job without much
hassle. I like it, and occasionally use it for NAT on my home dialup.
 
> Imagine this might make a difference..?

I wouldn't think so, but there will be extra lines in the logfile from
other ipchains actions besides the worm hits.

> I ran the /sbin/ipchains-save and it rolled way up the screen and I couldn't 
> make heads or tails of it    8^(

# ipchains-save | less
-or-
# ipchains-save > sometextfile

the latter has the bonus of deleting any chains which might have been
"accidentally" included and then:

# cat sometextfile | ipchains-restore

> Lotsa IP addresses (more 0.0.0.0/...) than anything else.  What would I be 
> looking for?

These are probably the rules inserted by pmfirewall. Look further down in
the file and try to correlate a few existing chain rules with addresses in
the access_log or error_log. If you get matches you can assume (usual
disclaimers apply) that the offending sites are being blocked.


<disclaimer>
I'm not as well-versed on this stuff as I should be, as I prefer to rely
on a well locked-down and watched machine rather than a firewall. If I
missed something or am incorrect, hopefully someone more knowledgeable
will correct me :-)
</disclaimer>
 
HTH,

John V.
-- 
  _/- John Voigt - K9GBO -----|- Registered Linux User #38558 --_/
 _/- Reclamation Specialist --|- IN Dept of Natural Resources -_/
_/- [EMAIL PROTECTED] ---------|- (812) 665-2207 --------------_/
UNIX is not just an operating system, it is a way of doing things...
        -- David Korn 
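
The correlation suggested above (chain rules against addresses in the access_log), as an added example that is not part of the original message. The function name `blocked_hits`, the sample rules and the sample log lines are constructed; it assumes the client address is the first field of each access_log line and that host rules are saved with a /255.255.255.255 (or /32) mask.

```shell
#!/bin/sh
# Added example (not from the original post). Sample data below is constructed.

# blocked_hits RULES ACCESS_LOG
# Prints "address hits chain target" for every access_log client that is the
# source of a single-host DENY or REJECT rule in the saved ipchains rules.
blocked_hits() {
    awk '
        FILENAME == ARGV[1] {
            if ($1 != "-A") next              # skip ":input ACCEPT" policy lines
            src = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (target != "DENY" && target != "REJECT") next
            # Keep host rules only; 0.0.0.0/0.0.0.0 and "-s ! addr" are skipped.
            n = split(src, part, "/")
            if (n == 2 && (part[2] == "255.255.255.255" || part[2] == "32"))
                rule[part[1]] = $2 " " target
            next
        }
        ($1 in rule) { hits[$1]++ }           # access_log: client is field 1
        END { for (a in hits) print a, hits[a], rule[a] }
    ' "$1" "$2" | sort
}

demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/rules" <<'EOF'
:input ACCEPT
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -i lo -j ACCEPT
-A input -s 192.0.2.10/255.255.255.255 -d 0.0.0.0/0.0.0.0 -j DENY
-A input -s 198.51.100.7/255.255.255.255 -d 0.0.0.0/0.0.0.0 -j ACCEPT
EOF
    cat > "$dir/access_log" <<'EOF'
192.0.2.10 - - [11/Nov/2001:10:00:01 -0500] "GET /a.exe HTTP/1.0" 404 276
203.0.113.5 - - [11/Nov/2001:10:00:02 -0500] "GET / HTTP/1.0" 200 1420
192.0.2.10 - - [11/Nov/2001:10:00:09 -0500] "GET /b.exe HTTP/1.0" 404 276
198.51.100.7 - - [11/Nov/2001:10:00:12 -0500] "GET / HTTP/1.0" 200 1420
EOF
    blocked_hits "$dir/rules" "$dir/access_log"
    rm -rf "$dir"
}
demo
```

Compare the timestamps of the listed hits with the time the rule was added: a request logged afterwards reached Apache despite the rule.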



_______________________________________________
Linux-users mailing list
Archives, Digests, etc at http://linux.nf/mailman/listinfo/linux-users
