Ok, got it. Prior to submitting my ruleset in my last post I removed one key
line that I did not think could have any influence:
block return in log on $EXT proto { udp, tcp } all
Yesss doggy... this creates a very misleading result when viewing traffic with tcpdump.
For those who may get
On Thu, Nov 25, 2004 at 07:46:30PM -0500, Peter Matulis wrote:
--- Ilya A. Kovalenko [EMAIL PROTECTED] wrote:
These hosts are probably infected w/ the Lovesan (aka MS-blast) virus. It
scans networks for vulnerable Windows boxes to infect.
but you, should see it as incoming requests, than,
PM My firewall is pretty tight. I block all incoming by default and let out only certain
PM destination ports. I'm currently filtering on external interface only.
PM Now I decided to do a check on all outgoing traffic
PM (filtering out of course the allowed ports)
PM and I made an interesting
--- Ilya A. Kovalenko [EMAIL PROTECTED] wrote:
PM My firewall is pretty tight. I block all incoming by default and let out only certain
PM destination ports. I'm currently filtering on external interface only.
PM Now I decided to do a check on all outgoing traffic
PM (filtering out of
My firewall is pretty tight. I block all incoming by default and let out only
certain destination ports. I'm currently filtering on external interface only.
Now I decided to do a check on all outgoing traffic (filtering out of course
the allowed ports) and I made an interesting discovery.
I
On 13 Nov 2004 01:22:23 -0800, [EMAIL PROTECTED] (Peter Matulis) wrote:
My firewall is pretty tight. I block all incoming by default and let out
only certain destination ports. I'm currently filtering on
external interface only.
You do have a
block log all
at the start of your policy?