On 10/15/2012 12:14 AM, Costantino wrote:
Thanks Tom,

The patch does work and the IPTABLES line with the -I modification is indeed
effective in stopping the unwanted packets. Before the patch we were
receiving 1pckt/sec!


A more elegant way to do this is to:

1. Add this line to /etc/shorewall/actions:

        Cirpack             # Drop Cirpack KeepAlive packets

2. Place the attached file in /etc/shorewall/.

3. In your rules file, add:

        Cirpack         z            $FW

Where 'z' is the zone that is sending the keepalive packets.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
#
# Shorewall 4 - Cirpack KeepAlive action.
#
#    /usr/share/shorewall/action.Cirpack
#
#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
#
#     (c) 2012 - Tom Eastep ([email protected])
#
#       Complete documentation is available at http://shorewall.net
#
#       This program is free software; you can redistribute it and/or modify
#       it under the terms of Version 2 of the GNU General Public License
#       as published by the Free Software Foundation.
#
#       This program is distributed in the hope that it will be useful,
#       but WITHOUT ANY WARRANTY; without even the implied warranty of
#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
#       GNU General Public License for more details.
#
#       You should have received a copy of the GNU General Public License
#       along with this program; if not, write to the Free Software
#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
#   Cirpack[([<action>|-[,{audit|-}])]
#
#       Default action is DROP
#
##########################################################################################
FORMAT 2

DEFAULTS DROP,-

BEGIN PERL;

use Shorewall::Config;
use Shorewall::Chains;

my ( $action, $audit ) = get_action_params( 2 );

fatal_error "Invalid parameter ($audit) to action Cirpack"   if supplied $audit && $audit ne 'audit';
fatal_error "Invalid parameter ($action) to action Cirpack"  unless $action =~ /^(?:ACCEPT|DROP)$/;

my $chainref         = get_action_chain;
my ( $level, $tag )  = get_action_logging;
my $target           = require_audit ( $action , $audit );

log_rule_limit $level, $chainref, 'Cirpack' , $action, '', $tag, 'add', '-p 17 --dport 5060 -m string --string "Cirpack KeepAlive Packet" --algo bm ' if $level ne '';
add_ijump( $chainref , j => $target, p => 17, dport => 5060, string => '--string "Cirpack KeepAlive Packet" --algo bm' );

allow_optimize( $chainref );

1;

END PERL;
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
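
To confirm that the installed rule is actually matching the keepalives, the packet counters of the string-match rule can be compared across two `iptables-save -c` snapshots. The script below is an added example, not part of the original message or of Shorewall; the sample dump and the chain name EXAMPLE_CHAIN are constructed, and it assumes the action's default DROP target unless another target is passed.

```shell
#!/bin/sh
# Added example, not from the original message or from Shorewall.
# `iptables-save -c` prints each rule as: [packets:bytes] -A CHAIN ...

# cirpack_hits [TARGET]: reads a dump on stdin and prints the packet total of
# rules that carry the Cirpack string match and jump to TARGET (default DROP).
# Exits 2 when no such rule is present.
cirpack_hits() {
    awk -v target="${1:-DROP}" '
        /^\[[0-9]+:[0-9]+\] -A / && index($0, "--string \"Cirpack KeepAlive Packet\"") {
            if ($(NF-1) != "-j" || $NF != target) next   # e.g. a LOG rule
            split(substr($1, 2), c, ":")
            total += c[1]; found = 1
        }
        END { if (!found) exit 2; print total }
    '
}

# cirpack_rate BEFORE AFTER SECONDS: whole packets per second between two
# snapshot files. Returns 2 if the rule is missing, 3 if the counters went
# backwards (ruleset reloaded between snapshots).
cirpack_rate() {
    before=$(cirpack_hits < "$1") || return 2
    after=$(cirpack_hits < "$2") || return 2
    [ "$after" -ge "$before" ] || return 3
    echo $(( (after - before) / $3 ))
}

# Constructed sample dump; EXAMPLE_CHAIN is a placeholder chain name.
# $1 = packet count to show on the Cirpack rule.
sample_dump() {
    cat <<EOF
*filter
:EXAMPLE_CHAIN - [0:0]
[$1:$(( $1 * 80 ))] -A EXAMPLE_CHAIN -p udp -m udp --dport 5060 -m string --string "Cirpack KeepAlive Packet" --algo bm --to 65535 -j DROP
[40:20000] -A EXAMPLE_CHAIN -p udp -m udp --dport 5060 -j ACCEPT
COMMIT
EOF
}
```

On a live firewall, take each snapshot as root with `iptables-save -c > file` and pass the two files plus the interval in seconds to `cirpack_rate`.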