Michael:
Heya. Thanks for the packet log, am updating fwlog.pl
to include an awareness of protocol 88. It knew about regular
IGRP (IP protocol 9) but not this one. :)
Regarding silent deny's...you can block the whole
224.0.0.0/4 range (RFC-1112 Class-D multicast) without worry.
That catches IGMP, IGRP, EIGRP, and probably others. As you'd
expect, this is in the same "reduce my log noise" section of
echowall.rules.
cheers,
Scott
> We just connected Dachstein-CD to a T-1 via Sangoma panpipe pci card.
>
> We are receiving a plethora of these:
>
> kernel: Packet log: input DENY wan PROTO=88 x.y.z.158:65535
> 224.0.0.10:65535 L=60 S=0xC0 I=0 F=0x0000 T=2 (#39)
>
> Yes, we know that protocol 88 is EIGRP.
>
> No, Ethernet <http://www.echogent.com/cgi-bin/fwlog.pl> does not
> recognize this.
>
> [1] Does this represent a problem? Or, is this a candidate for Silent
> Deny?
>
> [2] Dachstein Silent Deny handles *only* icmp, tcp and udp. What is the
> best way to Silent Deny these?
>
> What do you think?
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
