Michael: I'm sure it's possible with SILENT_DENY; I just don't use it. Charles will be able to provide details, no doubt. Here's the relevant portion from the echoWall rules file. Hope it helps!
-Scott

# -- next, block reserved-address traffic, a-la CIAC alert K-032
# -- includes: 0.0.0.0/8       [Historical Broadcast]
# --           169.254.0.0/16  [DHCP default]
# --           192.0.2.0/24    [TEST-NET]
# --           224.0.0.0/4     [RFC-1112, Class-D multicast]
# --                           [224.0.0.0 through 239.255.255.255]
# --           240.0.0.0/5     [Class-E, reserved]
# --           248.0.0.0/5     [Unallocated]
# --
# -- use -b switch to create one -d for every -s
$IPCHAINS -A input -i $IF_EXT -b -s 0.0.0.0/8 -j DENY
$IPCHAINS -A input -i $IF_EXT -b -s 169.254.0.0/16 -j DENY
$IPCHAINS -A input -i $IF_EXT -b -s 192.0.2.0/24 -j DENY
$IPCHAINS -A input -i $IF_EXT -b -s 224.0.0.0/4 -j DENY
$IPCHAINS -A input -i $IF_EXT -b -s 240.0.0.0/5 -j DENY
$IPCHAINS -A input -i $IF_EXT -b -s 248.0.0.0/5 -j DENY

On Sat, 1 Dec 2001, Michael D. Schleif wrote:

>
> "Scott C. Best" wrote:
> >
> > Heya. Thanks for the packet log, am updating fwlog.pl
> > to include an awareness of protocol 88. It knew about regular
> > IGRP (IP protocol 9) but not this one. :)
> >
> > Regarding silent denys... you can block the whole
> > 224.0.0.0/4 range (RFC-1112 Class-D multicast) without worry.
> > That catches IGMP, IGRP, EIGRP, and probably others. As you'd
> > expect, this is in the same "reduce my log noise" section of
> > echowall.rules.
>
> And, what is the best way to do this?
>
> Charles, is this possible with SILENT_DENY?
>
> Or, need we implement a special ipchains rule in /etc/ipchains.input ???
>
> What do you think?
>
> > > We just connected Dachstein-CD to a T-1 via Sangoma panpipe pci card.
> > >
> > > We are receiving a plethora of these:
> > >
> > > kernel: Packet log: input DENY wan PROTO=88 x.y.z.158:65535
> > > 224.0.0.10:65535 L=60 S=0xC0 I=0 F=0x0000 T=2 (#39)
> > >
> > > Yes, we know that protocol 88 is EIGRP.
> > >
> > > No, Ethernet <http://www.echogent.com/cgi-bin/fwlog.pl> does not
> > > recognize this.
> > >
> > > [1] Does this represent a problem? Or, is this a candidate for Silent
> > > Deny?
> > >
> > > [2] Dachstein Silent Deny handles *only* icmp, tcp and udp. What is the
> > > best way to Silent Deny these?
> > >
> > > What do you think?
>
> --
> Best Regards,
>
> mds
> mds resource
> 888.250.3987
>
> Dare to fix things before they break . . .
>
> Our capacity for understanding is inversely proportional to how much we
> think we know. The more I know, the more I know I don't know . . .

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
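As an added example (not code from echoWall, Dachstein or fwlog.pl, and not part of the thread), here is a small Python triage script for the ipchains "Packet log:" lines quoted above. It parses the Linux 2.2 ipchains log format shown in Michael's message, checks source and destination against the reserved ranges in the echoWall rules Scott posted, and reports whether Dachstein's Silent Deny (icmp, tcp and udp only, per Michael's message) can absorb the packet or whether an ipchains rule in the echoWall style is needed instead. The protocol-number table uses the IANA numbers (88 = EIGRP, 9 = IGRP, 2 = IGMP); the log lines, addresses and hostname are constructed for the example.

```python
"""Triage ipchains 'Packet log:' lines against reserved address ranges.

Added example, not code from echoWall, Dachstein or fwlog.pl. The log
format is the ipchains one quoted in the thread; the ranges mirror the
echoWall rules posted above; all sample lines are constructed.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# Reserved ranges, copied from the echoWall rules quoted above.
NOISE_RANGES = [
    (ipaddress.ip_network("0.0.0.0/8"), "historical broadcast"),
    (ipaddress.ip_network("169.254.0.0/16"), "link-local / DHCP default"),
    (ipaddress.ip_network("192.0.2.0/24"), "TEST-NET"),
    (ipaddress.ip_network("224.0.0.0/4"), "class-D multicast (RFC 1112)"),
    (ipaddress.ip_network("240.0.0.0/5"), "class-E reserved"),
    (ipaddress.ip_network("248.0.0.0/5"), "unallocated"),
]

# IANA protocol numbers for the protocols mentioned in the thread.
PROTO_NAMES = {1: "ICMP", 2: "IGMP", 6: "TCP", 9: "IGRP", 17: "UDP",
               88: "EIGRP", 89: "OSPF"}

# Dachstein's Silent Deny handles only these (per the quoted message).
SILENT_DENY_PROTOS = {1, 6, 17}

# Linux 2.2 ipchains log line: chain target iface PROTO=n src:sport
# dst:dport L= S= I= F= T= (#rule). For ICMP the "ports" are type:code.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+) "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+) "
    r"L=(?P<len>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)(?: \(#(?P<rule>\d+)\))?"
)


@dataclass
class Verdict:
    proto: int
    proto_name: str
    src: str
    dst: str
    noise_reason: Optional[str]   # which reserved range matched, if any
    how: str                      # "keep logging", "SILENT_DENY" or "ipchains rule"
    rule: Optional[str]           # suggested echoWall-style ipchains line


def match_noise(addr: str) -> Optional[Tuple[ipaddress.IPv4Network, str]]:
    """Return the (network, label) of the first reserved range containing addr."""
    ip = ipaddress.ip_address(addr)
    for net, label in NOISE_RANGES:
        if ip in net:
            return net, label
    return None


def classify(line: str) -> Optional[Verdict]:
    """Parse one log line; None if it is not an ipchains packet log."""
    m = LOG_RE.search(line)
    if not m:
        return None
    proto = int(m["proto"])
    name = PROTO_NAMES.get(proto, f"proto-{proto}")
    # Destination first: multicast noise is identified by where it is going.
    hit = match_noise(m["dst"]) or match_noise(m["src"])
    if hit is None:
        return Verdict(proto, name, m["src"], m["dst"], None, "keep logging", None)
    net, label = hit
    if proto in SILENT_DENY_PROTOS:
        how, rule = "SILENT_DENY", None
    else:
        # Silent Deny cannot see this protocol: use the -b style rule from
        # the echoWall rules file, which denies the range as -s and as -d.
        how = "ipchains rule"
        rule = f"$IPCHAINS -A input -i $IF_EXT -b -s {net} -j DENY"
    return Verdict(proto, name, m["src"], m["dst"], label, how, rule)


# Constructed sample log (documentation addresses; "fw" is a made-up host).
SAMPLE_LOG = """\
Dec  1 10:11:12 fw kernel: Packet log: input DENY wan PROTO=88 198.51.100.158:65535 224.0.0.10:65535 L=60 S=0xC0 I=0 F=0x0000 T=2 (#39)
Dec  1 10:11:13 fw kernel: Packet log: input DENY wan PROTO=6 203.0.113.7:4321 198.51.100.2:22 L=60 S=0x00 I=12345 F=0x4000 T=51 (#12)
Dec  1 10:11:14 fw kernel: Packet log: input DENY wan PROTO=17 169.254.1.9:68 255.255.255.255:67 L=328 S=0x00 I=1 F=0x0000 T=64 (#12)
Dec  1 10:11:15 fw kernel: Packet log: input DENY wan PROTO=2 198.51.100.1:0 224.0.0.1:0 L=28 S=0xC0 I=0 F=0x0000 T=1 (#39)
"""


def triage(log_text: str) -> list:
    """Classify every parseable line of a log; unparseable lines are skipped."""
    return [v for v in (classify(ln) for ln in log_text.splitlines()) if v]


if __name__ == "__main__":
    for v in triage(SAMPLE_LOG):
        extra = f" ({v.noise_reason})" if v.noise_reason else ""
        print(f"{v.proto_name:<6} {v.src} -> {v.dst}: {v.how}{extra}")
        if v.rule:
            print(f"    {v.rule}")
```

Note that the third sample line matches on its destination, not its link-local source: 255.255.255.255 sits inside 248.0.0.0/5, so the posted `-b` rule for that block also denies limited-broadcast traffic arriving on the external interface, which is worth knowing before copying the rule set onto a box that expects DHCP broadcasts there.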