Thank you, Charles. That is more than what I was hoping for and complete. I think I understand exactly that part of the script (being a dummy). In all regards, it gives an archive reference to go by that I couldn't find. I'll be the first to say that you're one of the scripting gods. I can decode most scripts I need to, but I get completely lost in the Dachstein firewall script. It'll take me more time and maybe a few more brain cells for the understanding to kick in.
Dachstein is definitely something you should be proud of!
Thanks again,
Lynn Avants
[EMAIL PROTECTED]

> > While we all seem to be on the SILENT_DENY Q&A addiction,
> > which when used correctly works great. I just can't seem to get
> > it to take two different subnets on different lines. I am
> > assuming that the scripts will only take one as a variable
> > without extending the scripts a little further. ???
>
> Different lines? SILENT_DENY is a space separated list, so if you
> have more than one entry, you need white-space between them, and
> quotes around the whole thing. NOTE: whitespace can include
> <space>, <tab>, and <line-feed>, so something like:
>
> SILENT_DENY="deny1 deny2 deny3"
> -or-
> SILENT_DENY="deny1
> deny2
> deny3"
>
> > In light of all the questions, and most everyone's general
> > laziness in digging through the scripts and deciphering. What
> > exactly is the minimum and the complete options on this script.
> > From the example, I am assuming that you can do an entire
> > subnet/route or one port from one host. I am thinking that a "man
> > SILENT_DENY" will probably cut down on a lot of posts in the near
> > future.
>
> OK, for those unwilling (or unable) to follow the scripts, the
> SILENT_DENY setting is first broken into the individual entries
> separated by whitespace (i.e. the first element above is deny1).
> Each element is then further broken apart using _ (underscore) to
> separate fields. All fields are used as arguments to build an
> ipchains command, as follows:
>
> ipchains -A input -j DENY
>     -p <field1>
>     -s <field2>
>     -d 0/0 <field3>
>     -i $EXTERN_IF
>
> The normal ipchains options for these fields apply. -p (protocol)
> can be a protocol number, specific protocols ipchains knows about
> by name (like tcp, udp, icmp), or the keyword "all". The -s
> (source) field can be a host IP (1.2.3.4), a subnet (1.2.3.0/24),
> or even a DNS name (xyz.foo.com). The third field, used as the
> destination port, can be a valid single port (specified by name or
> number), a range of ports (low:high), or empty. Since destination
> ports only make sense with certain protocols, ipchains will barf if
> this is not empty and the protocol specified doesn't have the
> concept of a destination port.
>
> More details can be found in the ipchains documentation.
>
> Charles Steinkuehler
> http://lrp.steinkuehler.net
> http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)

--
if linux isn't the answer, you've got the wrong question

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
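The parsing Charles describes above, as an added shell example that is not part of the thread or of the Dachstein script itself: it splits a SILENT_DENY value on whitespace, splits each entry on underscores, and prints the resulting ipchains command instead of running it, so a setting can be checked before it is loaded. The function name, the eth0 interface standing in for $EXTERN_IF, the sample value, and the choice of tcp, udp and icmp as the protocols that accept a third field are all assumptions made for this example.

```shell
#!/bin/sh
# Added example (not the Dachstein script's own code): expand a SILENT_DENY
# value into the ipchains commands described in the thread, printing them
# instead of running them so the setting can be reviewed first.
# Usage: silent_deny_rules <SILENT_DENY value> <external interface>
# The interface argument stands in for the script's $EXTERN_IF.
silent_deny_rules() {
    deny_list=$1
    ext_if=$2
    rc=0
    # Unquoted expansion splits on every kind of whitespace, so spaces,
    # tabs and line feeds all separate entries, as the thread says.
    for entry in $deny_list; do
        # Split one entry on "_" into protocol, source and destination port.
        old_ifs=$IFS
        IFS=_
        set -- $entry
        IFS=$old_ifs
        proto=$1
        src=$2
        dport=$3
        if [ -z "$proto" ] || [ -z "$src" ]; then
            echo "SILENT_DENY: entry '$entry' needs at least <proto>_<source>" >&2
            rc=1
            continue
        fi
        # Mirrors the caveat in the thread: a destination port only makes
        # sense for protocols that have one. Assumed here to be tcp, udp
        # and icmp; any other protocol with a third field is reported
        # rather than turned into a rule ipchains would reject.
        if [ -n "$dport" ]; then
            case $proto in
                tcp|udp|icmp) ;;
                *)
                    echo "SILENT_DENY: entry '$entry' gives a port for protocol '$proto'" >&2
                    rc=1
                    continue
                    ;;
            esac
        fi
        # ${dport:+ $dport} appends the port only when field 3 was present.
        echo "ipchains -A input -j DENY -p $proto -s $src -d 0/0${dport:+ $dport} -i $ext_if"
    done
    return $rc
}

# Constructed sample value, written across lines as the thread allows.
SILENT_DENY="tcp_1.2.3.4_80
all_10.0.0.0/8
udp_192.168.1.5_53:54"
silent_deny_rules "$SILENT_DENY" eth0
```

Run as a plain script it prints one ipchains line per entry; it exits non-zero and prints a message on stderr for any entry that lacks a source or that pairs a port with a protocol that has none, which is the failure Charles warns about.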
