> While we all seem to be on the SILENT_DENY Q&A addiction,
> which when used correctly works great. I just can't seem to get
> it to take two different subnets on different lines. I am assuming
> that the scripts will only take one as a variable without extending
> the scripts a little further. ???

Different lines? SILENT_DENY is a space separated list, so if you have more
than one entry, you need white-space between them, and quotes around the
whole thing. NOTE: whitespace can include <space>, <tab>, and <line-feed>,
so something like:

SILENT_DENY="deny1 deny2 deny3"

-or-

SILENT_DENY="deny1
deny2
deny3"

> In light of all the questions, and most everyone's general laziness
> in digging through the scripts and deciphering. What exactly is
> the minimum and the complete options on this script. From the
> example, I am assuming that you can do an entire subnet/route or
> one port from one host. I am thinking that a "man SILENT_DENY"
> will probably cut down on a lot of posts in the near future.

OK, for those unwilling (or unable) to follow the scripts, the SILENT_DENY
setting is first broken into the individual entries separated by whitespace
(i.e. the first element above is deny1). Each element is then further broken
apart using _ (underscore) to separate fields. All fields are used as
arguments to build an ipchains command, as follows:

ipchains -A input -j DENY
    -p <field1>
    -s <field2>
    -d 0/0 <field3>
    -i $EXTERN_IF

The normal ipchains options for these fields apply. -p (protocol) can be a
protocol number, specific protocols ipchains knows about by name (like tcp,
udp, icmp), or the keyword "all". The -s (source) field can be a host IP
(1.2.3.4), a subnet (1.2.3.0/24), or even a DNS name (xyz.foo.com). The
third field, used as the destination port, can be a valid single port
(specified by name or number), a range of ports (low:high), or empty. Since
destination ports only make sense with certain protocols, ipchains will barf
if this is not empty and the protocol specified doesn't have the concept of
a destination port.

More details can be found in the ipchains documentation.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
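
The expansion described in the message above, as an added dry-run sketch (not part of the original message and not the LRP script itself): it prints the ipchains command each SILENT_DENY entry would produce without running anything. The function name, the sample entries and the eth0 default are assumptions made for the illustration.

```shell
#!/bin/sh
# Dry run: show the ipchains rule each SILENT_DENY entry expands to.
# Added illustration; nothing here calls ipchains.

EXTERN_IF="${EXTERN_IF:-eth0}"   # assumed external interface for the demo

# Constructed sample: mixes spaces and a line-feed as separators,
# and includes one entry with an empty third (port) field.
SAMPLE='tcp_192.0.2.0/24_80
udp_198.51.100.7_137:139 all_203.0.113.0/24'

# silent_deny_rules "<SILENT_DENY value>"
# Prints one command per entry; returns 1 if any entry is malformed.
silent_deny_rules() {
    rc=0
    set -f                          # no filename globbing while splitting
    for entry in $1; do             # default IFS: space, tab, line-feed
        case $entry in
            *_*) ;;
            *)  echo "skipping '$entry': want <proto>_<source>[_<port>]" >&2
                rc=1; continue ;;
        esac
        proto=${entry%%_*}          # field1: protocol
        rest=${entry#*_}
        src=${rest%%_*}             # field2: source host, subnet or name
        case $rest in
            *_*) port=${rest#*_} ;; # field3: port, low:high range
            *)   port= ;;           # ...or empty
        esac
        if [ -z "$proto" ] || [ -z "$src" ]; then
            echo "skipping '$entry': empty protocol or source" >&2
            rc=1; continue
        fi
        # An empty port simply drops out of the command line.
        echo "ipchains -A input -j DENY -p $proto -s $src -d 0/0${port:+ $port} -i $EXTERN_IF"
    done
    set +f
    return $rc
}

silent_deny_rules "$SAMPLE"
```

Reviewing this output before a reload shows exactly which sources and ports will be dropped, and catches an entry that was typed without its underscore separators.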