Hi
I recently coded this line into my gateway's crontab:
/sbin/shorewall restart && /sbin/shorewall drop `awk
'/Shorewall:FORWARD:REJECT:IN=ppp0 OUT=ppp0 MAC= SRC=/ { print $10;}'
/var/log/syslog /var/log/syslog.1 |sort -u |cut -c5-`
with the intention that attempts to forward through my node were likely
from compromised machines and dropping connections from them might
prevent other bad things happeneing as well.
Is this a good thing to do?
Is there a better way?
Thanks
Ruth
--
Software Manager & Engineer
Tel: 01223 414180
Blog: http://www.ivimey.org/blog
LinkedIn: http://uk.linkedin.com/in/ruthivimeycook/
------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
