> kernel: Packet log: input DENY wan PROTO=88 x.y.z.158:65535
> 224.0.0.10:65535 L=60 S=0xC0 I=0 F=0x0000 T=2 (#39)
>
> Yes, we know that protocol 88 is EIGRP.
>
> No, Ethernet <http://www.echogent.com/cgi-bin/fwlog.pl> does not
> recognize this.
>
> [1] Does this represent a problem? Or, is this a candidate for Silent
> Deny?

Not a problem, unless you feel compelled to get a Cisco or other advanced router running so you can start swapping routing info with your ISP...of course they probably won't listen to you anyway (unless they don't know how to properly configure their router). Ideal candidate for the bit-bucket.

> [2] Dachstein Silent Deny handles *only* icmp, tcp and udp. What is the
> best way to Silent Deny these?

Um...not exactly. IPChains (and hence most of the network.conf settings) only knows about icmp, tcp, and udp by NAME, but you can stick in arbitrary protocols if you want. From Dachstein network.conf:

# Traffic to completely ignore...define here to prevent filling your logs
# Space seperated list: protocol_srcip/mask_dstport
#SILENT_DENY="udp_207.235.84.1_route udp_207.235.84.0/24_37"

So you want something like:

SILENT_DENY="88_x.y.z.158"

<humor>Must be one of those new ipv6 addresses...is that base64 encoding?</humor>

Note the missing third field (port number), which only makes sense with icmp/tcp/udp. Leaving this blank prevents the error you would get trying to specify a port with a custom protocol. Not really obvious, but it should work...

Maybe I should make the comment something like:

# Space seperated list: protocol_srcip/mask[_dstport]

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
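
The protocol_srcip/mask[_dstport] format discussed above, as an added example that is not part of the original message and is not the Dachstein firewall script: a small sh function that expands one SILENT_DENY entry into a non-logging ipchains DENY rule and rejects a port on a numeric protocol. The interface name "wan" is taken from the log line, 192.0.2.158 is a constructed stand-in for the redacted x.y.z.158, and the function name is hypothetical.

```shell
#!/bin/sh
# Added illustration only; not the Dachstein implementation.
IFACE="wan"   # assumption: external interface name, as in the quoted log line

# Print the ipchains command for one SILENT_DENY entry.
# Returns 1 (and prints nothing) if the entry is malformed.
silent_deny_rule() {
    entry=$1
    proto=${entry%%_*}                 # field 1: protocol name or number
    rest=${entry#*_}                   # everything after the first "_"
    if [ "$rest" = "$entry" ]; then return 1; fi   # no "_": source missing
    src=${rest%%_*}                    # field 2: source address[/mask]
    port=""
    case $rest in *_*) port=${rest#*_} ;; esac     # optional field 3
    if [ -z "$proto" ] || [ -z "$src" ]; then return 1; fi

    case $proto in
        icmp|tcp|udp) ;;               # named protocols: third field allowed
        *[!0-9]*) return 1 ;;          # any other name is rejected here
        *)  # numeric IP protocol (e.g. 88): this example accepts no port
            [ "$proto" -le 255 ] || return 1
            [ -z "$port" ] || return 1 ;;
    esac

    dst="0/0"
    if [ -n "$port" ]; then dst="0/0 $port"; fi
    # No -l flag, so matching packets are denied without a log entry.
    echo "ipchains -A input -i $IFACE -p $proto -s $src -d $dst -j DENY"
}

# Constructed sample list: the EIGRP entry plus the two from network.conf.
SILENT_DENY="88_192.0.2.158 udp_207.235.84.1_route udp_207.235.84.0/24_37"
for e in $SILENT_DENY; do
    silent_deny_rule "$e" || echo "# skipped malformed entry: $e" >&2
done
```

The script only prints the rules, so the output can be reviewed before any of it is run on a firewall.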