Michael:
I'm sure it's possible with SILENT_DENY, I just
don't use it. Charles will be able to provide details,
no doubt.
Here's the relevant portion from the echoWall
rules file. Hope it helps!
-Scott
# -- next, block reserved-address traffic, a-la CIAC alert K-032
# -- includes: 0.0.0.0/8 [Historical Broadcast]
# -- 169.254.0.0/16 [DHCP default]
# -- 192.0.2.0/24 [TEST-NET]
# -- 224.0.0.0/4 [RFC-1112, Class-D multicast]
# -- [224.0.0.0 through 239.255.255.255]
# -- 240.0.0.0/5 [Class-E multicast]
# -- 248.0.0.0/5 [Unallocated]
# --
# -- use -b switch to create one -d for every -s
$IPCHAINS -A input -i $IF_EXT -b -s 0.0.0.0/8 -j DENY
$IPCHAINS -A input -i $IF_EXT -b -s 169.254.0.0/16 -j DENY
$IPCHAINS -A input -i $IF_EXT -b -s 192.0.2.0/24 -j DENY
$IPCHAINS -A input -i $IF_EXT -b -s 224.0.0.0/4 -j DENY
$IPCHAINS -A input -i $IF_EXT -b -s 240.0.0.0/5 -j DENY
$IPCHAINS -A input -i $IF_EXT -b -s 248.0.0.0/5 -j DENY
On Sat, 1 Dec 2001, Michael D. Schleif wrote:
>
> "Scott C. Best" wrote:
> >
> > Heya. Thanks for the packet log, am updating fwlog.pl
> > to include an awareness of protocol 88. It knew about regular
> > IGRP (IP protocol 9) but not this one. :)
> >
> > Regarding silent deny's...you can block the whole
> > 224.0.0.0/4 range (RFC-1112 Class-D multicast) without worry.
> > That catches IGMP, IGRP, EIGRP, and probably others. As you'd
> > expect, this is in the same "reduce my log noise" section of
> > echowall.rules.
>
> And, what is the best way to do this?
>
> Charles, is this possible with SILENT_DENY?
>
> Or, need we implement a special ipchains rule in /etc/ipchains.input ???
>
> What do you think?
>
> > > We just connected Dachstein-CD to a T-1 via Sangoma panpipe pci card.
> > >
> > > We are receiving a plethora of these:
> > >
> > > kernel: Packet log: input DENY wan PROTO=88 x.y.z.158:65535
> > > 224.0.0.10:65535 L=60 S=0xC0 I=0 F=0x0000 T=2 (#39)
> > >
> > > Yes, we know that protocol 88 is EIGRP.
> > >
> > > No, Ethernet <http://www.echogent.com/cgi-bin/fwlog.pl> does not
> > > recognize this.
> > >
> > > [1] Does this represent a problem? Or, is this a candidate for Silent
> > > Deny?
> > >
> > > [2] Dachstein Silent Deny handles *only* icmp, tcp and udp. What is the
> > > best way to Silent Deny these?
> > >
> > > What do you think?
>
> --
>
> Best Regards,
>
> mds
> mds resource
> 888.250.3987
>
> Dare to fix things before they break . . .
>
> Our capacity for understanding is inversely proportional to how much we
> think we know. The more I know, the more I know I don't know . . .
>
_______________________________________________
Leaf-user mailing list
https://lists.sourceforge.net/lists/listinfo/leaf-user
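A way to triage such log lines before deciding what to silently deny, as an added example (Python, not part of this thread or of fwlog.pl): it parses the ipchains "Packet log:" layout shown above, names the IP protocol number (88 = EIGRP, 9 = IGRP), and flags any entry whose source or destination falls inside the reserved blocks the echoWall rules excerpt denies with -b. The sample lines and the 203.0.113.x hosts are constructed placeholders.

```python
import ipaddress
import re

# Reserved blocks copied from the echoWall rules excerpt in the thread.
RESERVED_NETS = {
    "Historical Broadcast": ipaddress.ip_network("0.0.0.0/8"),
    "DHCP default": ipaddress.ip_network("169.254.0.0/16"),
    "TEST-NET": ipaddress.ip_network("192.0.2.0/24"),
    "Class-D multicast": ipaddress.ip_network("224.0.0.0/4"),
    "Class-E": ipaddress.ip_network("240.0.0.0/5"),
    "Unallocated": ipaddress.ip_network("248.0.0.0/5"),
}
# IP protocol numbers discussed in the thread plus the usual ones.
PROTO_NAMES = {1: "ICMP", 2: "IGMP", 6: "TCP", 9: "IGRP", 17: "UDP", 88: "EIGRP"}
# ipchains log layout: "Packet log: <chain> <target> <iface> PROTO=<n> <src>:<sport> <dst>:<dport> ..."
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)"
)

# Constructed sample lines modelled on the one in the thread; 203.0.113.x are placeholder hosts.
SAMPLE_LOG = """\
kernel: Packet log: input DENY wan PROTO=88 203.0.113.158:65535 224.0.0.10:65535 L=60 S=0xC0 I=0 F=0x0000 T=2 (#39)
kernel: Packet log: input DENY wan PROTO=6 203.0.113.7:4312 198.51.100.5:22 L=60 S=0x00 I=0 F=0x4000 T=51 (#12)
kernel: Packet log: input DENY wan PROTO=17 0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=0 F=0x0000 T=64 (#3)
"""

def reserved_label(ip):
    """Label of the first reserved block containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    return next((label for label, net in RESERVED_NETS.items() if addr in net), None)

def classify(line):
    """Parse one ipchains log line; None if the line is not a packet log."""
    m = LOG_RE.search(line)
    if not m:
        return None
    proto = int(m.group("proto"))
    src_res, dst_res = reserved_label(m.group("src")), reserved_label(m.group("dst"))
    return {
        "proto_name": PROTO_NAMES.get(proto, f"proto-{proto}"),
        "src": m.group("src"), "dst": m.group("dst"),
        "src_reserved": src_res, "dst_reserved": dst_res,
        # The -b rules deny a block as source or destination, so either side qualifies.
        "silent_deny_candidate": bool(src_res or dst_res),
    }

def noise_candidates(text):
    """Entries for every parseable line that the reserved-address rules would catch."""
    return [c for c in map(classify, text.splitlines()) if c and c["silent_deny_candidate"]]
```

Entries that are not candidates (the TCP line here) are the ones still worth reading in the log after the reserved-address rules are in place.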