Hello: I'm getting a fair number of UDP connections to port 59695. The connections seem to come from primarily four or five IP addresses at the rate of one per minute or so. I log and drop those connections, but unfortunately my log fills up quickly.
Is there a way to continue to drop all UDP connections to port 59695, but limit the logging to only one entry per IP address per hour? If so, I'll still have an indication of the dropped connections without overloading the log file. I've looked through the help files and examples, but they seem to apply to ACCEPT rules, not DROP rules. Is there a way to extend log limiting to DROP also? Incidentally, a quick Google search didn't turn up anything obvious on UDP port 59695. Does anyone have any idea what that is? Lastly, and most important, thanks for the great product! As a hobbyist, I've learned quite a bit by tinkering with Shorewall. Thank you. -- Brian Schang ------------------------------------------------------------------------------ SOLARIS 10 is the OS for Data Centers - provides features such as DTrace, Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW http://p.sf.net/sfu/solaris-dev2dev _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
