> Dec 3 22:55:57 oldbox kernel: Packet log: input REJECT eth1 PROTO=17 > 192.168.77.250:1717 255.255.255.255:162 L=96 S=0x00 I=43029 F=0x0000 > T=31 (#65) > > where 192.168.77.250 is the IP address of my wireless hub. I don't think > I can turn off the behavior in the hub, and I'd rather that the REJECTS > not fill the logs (I get 6-7 entries per hour). > > I'm running the tried and true EigersteinBETA2, and yes, eth1 is the > internal adapter. What's the best approach to take with this stuff? > permit internally? Turn off logging? make a special rule in > ipfilter.conf?
You don't have support for the SILENT_DENY varaible without upgrading your scripts, I don't think you should turn off logging, and there's no reason to allow the packets, so you need a special rule in ipfilter.conf. Add the following to the ipfilter_firewall_cfg () procedure in ipfilter.conf, somewhere after where the rules get flushed. At the end of the file, just before the closing } is a handy location that's easy to find later. $IPCH -A input -j DENY -p 17 -s 192.168.77.250 -d 0/0 162 And the packets will be denied without being logged. Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
