I updated my /etc/ipfilter.conf file for the DNS flood script protection as
follows:

# Added by Charles Steinkuehler to allow more flexible internal server setup
# A function to configure the filters for firewalling
ipfilter_firewall_cfg () {
local ADDR
local DEST
local NET

#
# set default policies
#
# ONLY DENY FORWARDING ETC IF YOU KNOW WHAT YOU ARE DOING!  If
# you turn off the filters, the box will become opaque to any traffic!
#
ipfilter_policy DENY

# Clear any garbage rules out of the filters
ipfilter_flush

# Block known IPs who do TCP port 53 floods
# Added to block list of IPs on 7/7/01
  IP_LIST="`cat /etc/dns_floods`"
  for IP in $IP_LIST; do
    $IPCH -I input -j DENY -p tcp -s $IP/32 -d $EXTERN_IP/32 53 -i $EXTERN_IF
  done; unset IP

I have the dns_flood file built. After I edited the ipfilter.conf file and
dns_flood file, I saved the files, went to the # prompt and issued

amberton: -root-
# svi network ipfilter flush

then

amberton: -root-
# svi network ipfilter reload

The script runs and blocks those DNS floods in my log file. I then backed up
everything on the lrp and was fine. 5 days later I had to reboot and the
script did not block the DNS flood. I had to issue the flush and reload
command for it to block the floods.

Is this correct or should this load on boot?



_______________________________________________
Leaf-user mailing list
http://lists.sourceforge.net/lists/listinfo/leaf-user
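As an added example that is not part of the post above, here is a stand-alone version of the per-IP DENY loop from the ipfilter.conf excerpt, with a dry-run mode (IPCH defaults to echo) and input validation so a comment, blank line or malformed entry in the block list cannot break the rule set. EXTERN_IP, EXTERN_IF, the list path and the sample entries are constructed values.

```shell
#!/bin/sh
# Added example, not from the original post: a stand-alone version of the
# per-IP DENY loop. IPCH defaults to "echo" so the script only prints the
# rules it would add (dry run); set IPCH=ipchains on the router itself.
# EXTERN_IP, EXTERN_IF and the sample list below are constructed values.
IPCH="${IPCH:-echo}"
EXTERN_IP="${EXTERN_IP:-192.0.2.10}"
EXTERN_IF="${EXTERN_IF:-eth0}"

# Succeed only if $1 is a dotted-quad IPv4 address with every octet 0-255.
is_ipv4 () {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    _ifs=$IFS; IFS=.
    set -- $1
    IFS=$_ifs
    for _octet in "$@"; do
        [ "$_octet" -le 255 ] || return 1
    done
    return 0
}

# Insert one DENY rule per valid address in the list file $1. Blank lines and
# '#' comments are ignored; malformed entries are reported and skipped so one
# bad line cannot abort the whole block list. RULES_ADDED holds the count.
block_dns_floods () {
    RULES_ADDED=0
    while read -r ip _rest; do
        case "$ip" in ''|\#*) continue ;; esac
        if is_ipv4 "$ip"; then
            $IPCH -I input -j DENY -p tcp -s "$ip/32" \
                -d "$EXTERN_IP/32" 53 -i "$EXTERN_IF"
            RULES_ADDED=$((RULES_ADDED + 1))
        else
            echo "dns_floods: skipping malformed entry '$ip'" >&2
        fi
    done < "$1"
}

# Constructed sample block list: two valid entries, one comment, one blank
# line, one hostname and one out-of-range address.
SAMPLE_LIST="${TMPDIR:-/tmp}/dns_floods.example.$$"
printf '%s\n' '# constructed sample' '198.51.100.7' '' \
    '203.0.113.42  # noisy resolver' 'not-an-ip' '999.1.1.1' > "$SAMPLE_LIST"
block_dns_floods "$SAMPLE_LIST"
rm -f "$SAMPLE_LIST"
echo "rules added: $RULES_ADDED"
```

Running it as-is prints the two rules that would be inserted and reports the two rejected entries on stderr; on the router, run it with IPCH=ipchains after the chains have been flushed.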
