Re: [leaf-user] Dropping external cruft by destination IP/port in Shorewall

2005-11-16 Thread Tom Eastep
On Tuesday 15 November 2005 04:30, Charles Steinkuehler wrote: Plus, I think the place to state src/dst for ports is in the second sentence. I think something like the following would be more clear: Thanks for the suggestion -- I've updated both the 2.x and 3.x doc as you suggest. -Tom --

Re: [leaf-user] Dropping external cruft by destination IP/port in Shorewall

2005-11-15 Thread Charles Steinkuehler
Tom Eastep wrote: | -- | http://www1.shorewall.net/Documentation.htm#Blacklist | http://www1.shorewall.net/2.0/Documentation.htm#Blacklist | | PORTS | | Optional; may

Re: [leaf-user] Dropping external cruft by destination IP/port in Shorewall

2005-11-14 Thread Tom Eastep
On Saturday 12 November 2005 04:59, Charles Steinkuehler wrote: | | What's the right way to do this in shorewall? Never mind...after testing some blacklist rules (and some sleep!), I noticed the port specifications in the blacklist file are destination ports, so I can block the above

Re: [leaf-user] Dropping external cruft by destination IP/port in Shorewall

2005-11-14 Thread Charles Steinkuehler
Tom Eastep wrote: | On Saturday 12 November 2005 04:59, Charles Steinkuehler wrote: | | | | | What's the right way to do this in shorewall? | | Never mind...after testing some blacklist rules (and some sleep!), I | noticed the port specifications in

Re: [leaf-user] Dropping external cruft by destination IP/port in Shorewall

2005-11-14 Thread Tom Eastep
On Monday 14 November 2005 19:20, Charles Steinkuehler wrote: Next up...trying to get IPSec working on debian with a patched kernel and iptables. I've got everything compiled and the kernel even runs (thanks to tips at the shorewall site!), I just haven't had time to learn the new 2.6 IPSec

Re: [leaf-user] Dropping external cruft by destination IP/port in Shorewall

2005-11-14 Thread Tom Eastep
On Monday 14 November 2005 19:20, Charles Steinkuehler wrote: Tom Eastep wrote: | On Saturday 12 November 2005 04:59, Charles Steinkuehler wrote: | | What's the right way to do this in shorewall? | | Never mind...after testing some blacklist rules (and some sleep!), I | noticed the port

Re: [leaf-user] Dropping external cruft by destination IP/port in Shorewall

2005-11-14 Thread Erich Titl
Tom Tom Eastep wrote: ... -- http://www1.shorewall.net/Documentation.htm#Blacklist http://www1.shorewall.net/2.0/Documentation.htm#Blacklist PORTS Optional; may only be given if PROTOCOL is tcp, udp or icmp.

Re: [leaf-user] Dropping external cruft by destination IP/port in Shorewall

2005-11-12 Thread Charles Steinkuehler
Charles Steinkuehler wrote: | I'm migrating to a cable-modem internet connection, and am getting all the | external junk that goes along with the 'shared' nature of this type of link. | | I'd like to drop a bunch of junk that's currently getting

[leaf-user] Dropping external cruft by destination IP/port in Shorewall

2005-11-11 Thread Charles Steinkuehler
I'm migrating to a cable-modem internet connection, and am getting all the external junk that goes along with the 'shared' nature of this type of link. I'd like to drop a bunch of junk that's currently getting logged, but am not sure the best way to