Quoting fooler ([EMAIL PROTECTED]):
> this will only prevent the kernel logging of warning errors to your log file
> but still the attacker is flooding your network segment... there are lots
> of good routers by default filtering this out..

It's really only worth a little effort filtering out bogus or stupidly
constructed network traffic. I personally drop various broadcast
packets, RFC1918 private-IP packets that somehow showed up on the wrong
side of a NAT host, and probably not much else. It's not worth the
time, ruleset complication, CPU load, and RAM to do much else, in my
view. Most of the "illegal" traffic is basically harmless, if you run
your machine attentively, and not worth wasting time on.

A word about ruleset complication: Filtering routers (what Linux people
tend to rather vaguely call "firewalls") have the problem of not
failsafing: If you make mistakes, you can create hideously problematic
holes in the security perimeter you think you're enforcing. (In that
regard, they differ from application-level proxy gateways.) Therefore,
it pays to have simple rulesets that behave predictably and that you
understand well.

--
Cheers,
Rick Moen
[EMAIL PROTECTED]

"Transported to a surreal landscape, a young girl kills the first
woman she meets, and then teams up with three complete strangers
to kill again." -- Rick Polito's That TV Guy column,
describing the movie _The Wizard of Oz_
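
The point about filtering rulesets not failing safe, as an added example that is not part of the original message: a simplified first-match filter model in which one careless ACCEPT rule silently disables an RFC1918 drop, plus a check that flags such shadowed rules. The `Rule` model, the rulesets and the assumption that `eth0` is the external interface are constructed for illustration and are not iptables syntax.

```python
import ipaddress
from dataclasses import dataclass

# Simplified first-match packet filter model (constructed for illustration;
# not iptables syntax). "eth0" is assumed to be the external interface.
@dataclass(frozen=True)
class Rule:
    iface: str   # inbound interface, "*" matches any
    src: str     # source network in CIDR notation
    action: str  # "ACCEPT" or "DROP"

RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

def matches(rule, iface, src):
    return (rule.iface in ("*", iface)
            and ipaddress.ip_address(src) in ipaddress.ip_network(rule.src))

def decide(rules, iface, src, default="DROP"):
    """First matching rule wins; fall back to the default policy."""
    for rule in rules:
        if matches(rule, iface, src):
            return rule.action
    return default

def covers(a, b):
    """True if rule a matches every packet that rule b matches."""
    return (a.iface in ("*", b.iface)
            and ipaddress.ip_network(b.src).subnet_of(ipaddress.ip_network(a.src)))

def shadowed(rules):
    """Pairs (earlier, later) where the later rule can never fire because an
    earlier rule with the opposite action already covers all of its traffic."""
    return [(a, b) for i, b in enumerate(rules) for a in rules[:i]
            if a.action != b.action and covers(a, b)]

# Constructed rulesets: a short one, and the same one after a careless edit.
SIMPLE = [Rule("eth0", net, "DROP") for net in RFC1918] + [Rule("*", "0.0.0.0/0", "ACCEPT")]
# Mistake: an ACCEPT meant for the LAN side, written without an interface
# and placed first, silently disables the RFC1918 drop on eth0.
BROKEN = [Rule("*", "192.168.0.0/16", "ACCEPT")] + SIMPLE

if __name__ == "__main__":
    print(decide(SIMPLE, "eth0", "192.168.1.5"))
    print(decide(BROKEN, "eth0", "192.168.1.5"))
    for earlier, later in shadowed(BROKEN):
        print("shadowed:", later, "by", earlier)
```
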
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph