hello lynn

it is the option -l which is responsible for the logging.

you can redefine a rule like this:

ipchains -R input 7 -s 10.0.0.0/8 -j DENY

this replaces rule nr. 7 on the input chain. (rule nr. 7 was _my_ rule to
deny traffic from 10.0.0.0/8 and log it, i used the above command to replace
it.)

you can of course decide to be more conscious than me and log everything else
but your rogue server. in this case you would have to insert a more specific
rule

ipchains -I input 6 -s 10.1.1.2/32 -j DENY

which will silently deny the traffic from that specific server before the
more general rule denies it and logs it.

it is impossible to determine the exact commands you would have to issue on
your system (i do not use dachstein, so rules 10, 12 and 41 mean nothing to
me). generally you should be able to use the same syntax that generated your
rules in the first place, just avoiding -l.

it is the IPCHAINS-HOWTO
(http://www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO-4.html) where more information
can be found.

there is also a great quick reference:
http://users.owt.com/msensney/lrp/ipchains-quickref.pdf

>I've got a rogue 10.x.x.x/32 server polling my Dachstein firewall
>twice every 16 seconds for a dhcp server and a port 80 scan every
>2 minutes. I can't find any info in the archives and sites about
>"dropping" (not logging) these packets when they are deny'ed.
>The packets (webtrash) I am looking to stop logging are being
>denied by rules 10, 12, and 41. What is the syntax or change
>I need to make to quit logging these.
>
>Other than this, Dachstein is perfect, already surviving two DoS
>attacks without a reboot to date.
>
>Thanks all,
>Lynn Avants
>[EMAIL PROTECTED]
>
>--
>if linux isn't the answer, you've got the wrong question
>
>_______________________________________________
>Leaf-user mailing list
>[EMAIL PROTECTED]
>https://lists.sourceforge.net/lists/listinfo/leaf-user
>
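
The two approaches from the reply above (replace the logging rule with -R, or insert a narrower silent rule ahead of it with -I), modelled as first-match evaluation. This is an added example, not part of the original message and not Dachstein's rule set; the six placeholder rules and the address 10.9.9.9 are constructed for illustration.

```python
import ipaddress

def rule(src, target="DENY", log=False):
    """One chain entry; src, target and log mirror -s, -j and -l."""
    return {"src": ipaddress.ip_network(src), "target": target, "log": log}

def replace(chain, num, new_rule):
    """Model of `ipchains -R <chain> <num> ...` (rule numbers start at 1)."""
    chain[num - 1] = new_rule

def insert(chain, num, new_rule):
    """Model of `ipchains -I <chain> <num> ...`: the new rule becomes rule <num>."""
    chain.insert(num - 1, new_rule)

def evaluate(chain, src_ip):
    """First matching rule wins; returns (rule number, target, logged)."""
    addr = ipaddress.ip_address(src_ip)
    for num, r in enumerate(chain, start=1):
        if addr in r["src"]:
            return num, r["target"], r["log"]
    return None, "POLICY", False

def sample_chain():
    # Constructed chain: six unrelated placeholder rules, then
    # rule 7 = deny and log everything from 10.0.0.0/8.
    chain = [rule("192.0.2.%d/32" % i, "ACCEPT") for i in range(1, 7)]
    chain.append(rule("10.0.0.0/8", "DENY", log=True))
    return chain

def option_replace():
    """-R input 7 without -l: nothing from 10.0.0.0/8 is logged any more."""
    chain = sample_chain()
    replace(chain, 7, rule("10.0.0.0/8"))
    return evaluate(chain, "10.1.1.2"), evaluate(chain, "10.9.9.9")

def option_insert():
    """-I input 6 for the one host: it is denied silently, the rest still logged."""
    chain = sample_chain()
    insert(chain, 6, rule("10.1.1.2/32"))
    # The logging rule has shifted from number 7 to number 8.
    return evaluate(chain, "10.1.1.2"), evaluate(chain, "10.9.9.9")

if __name__ == "__main__":
    print("replace:", option_replace())
    print("insert: ", option_insert())
```

After an insert, every later rule number moves up by one, so list the chain again before issuing another numbered -R or -I.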

