my understanding of martians are lost packets usually due to bogus routing or badly spoofed address's...
you might need to add just one iptables rule to your firewall to block martians.. (sorry can't tell you what it is offhand.. I never learned iptables as well as I did ipchains.) but since iptables is stateful inspection, it seems trivial to block bogus packets... a quick search on google should show you an iptables rule to add to rc.local to block them.. rgds frank -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Raffaele Belardi Sent: Monday, 18 November 2002 10:33 PM To: [EMAIL PROTECTED] Subject: Re: [newbie] martian source on syslog Thanks, but I am already behing a company firewall. I only want to stop the kernel from logging the "martian source" message to prevent the syslog from filling up with useless messages. Can that be done? thanks, raffaele [EMAIL PROTECTED] wrote: > I suggest you install and use gShield .. > > It has settings for martians, portforwarding, blacklists tcp cookies and a > ton of other stuff.. > > all from one smallish human edited config file thats easy to read and > understand. > > give it a go.. > > If Mandrake just used gShield, and created a small mcc app to make the > config file editing a GUI issue, all the compliants on their firewall would > stop... > > I used to use pmfirewall for ipchains, but since I started using gShield on > iptables I've never looked back.. > > rgds > > Frank > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Raffaele Belardi > Sent: Monday, 18 November 2002 9:57 PM > To: [EMAIL PROTECTED] > Subject: [newbie] martian source on syslog > > > kernel: martian source 0.255.255.255 from 0.0.0.0, on dev eth0 > kernel: ll header: xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx > > How do I get rid of these messages? At a rate of about 1 every 5 seconds > they're filling up my syslog! > > I'm running MDK8.2, msec level 3, had shorewall installed for a brief > period, now I uninstalled it. The messages started to appear after > shorewall installation, but did not vanish after shorewall disinstallation. > > Any hints? > > thanks, > > raffaele > > >
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
