Doug Sampson wrote:
> 
> >
> > I maintain that this is the cleanest solution:
> >
> >       <http://sourceforge.net/mailarchive/message.php?msg_id=686657>
> >
> 
> I've copied your proposed solution here for reference.
> 
> # cat /etc/ipchains.input
>  $IPCH -I input -j DENY -p all -s 0/0 -d 255.255.255.255 -i $EXTERN_IF
> 
> Exactly what does the ipchain statement say?  Exactly what does it deny?
> Obviously I'm not at all familiar with ipchaining...  and I want to understand
> it fully before I implement it...

$IPCH                   -- /etc/ipfilter.conf: IPCH="/sbin/ipchains --no-warnings"
-d 255.255.255.255      -- destination address
-i $EXTERN_IF           -- interface via which a packet is received
-I input                -- Insert one or more rules in the selected chain as the given rule number
-j DENY                 -- what to do if the packet matches this rule
-p all                  -- protocol  of the rule or of the packet to check
-s 0/0                  -- Source specification

I struggled with this for some time last December, after being dragged
into attbi.com.  Since it is possible that that source ip can change and
that I have never found any reason to _log_ packets broadcast to the
entire universe (e.g., -d 255.255.255.255); therefore, I conclude that
such packets deserve anonymity in that great bit bucket somewhere near
/dev/null . . .

HTH

-- 

Best Regards,

mds
mds resource
888.250.3987

Dare to fix things before they break . . .

Our capacity for understanding is inversely proportional to how much we
think we know.  The more I know, the more I know I don't know . . .

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
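
A small model of how the rule discussed above is evaluated, as an added example that is not part of the original message: the input chain is checked top to bottom and the first matching rule decides, so the inserted DENY drops external broadcasts before a later logging rule can see them. The interface name, the deny-and-log rule (ipchains `-l`), the sample packets, and the assumption that `-I` without a rule number inserts at position 1 are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

EXTERN_IF = "eth0"  # assumed value of $EXTERN_IF

@dataclass
class Rule:
    target: str          # -j
    dst: str = "0/0"     # -d
    src: str = "0/0"     # -s
    iface: str = ""      # -i ("" matches any interface)
    proto: str = "all"   # -p
    log: bool = False    # -l

def _net(spec):
    # 0/0 is ipchains shorthand for "any address"
    return ipaddress.ip_network("0.0.0.0/0" if spec == "0/0" else spec, strict=False)

def matches(rule, pkt):
    return (rule.proto in ("all", pkt["proto"])
            and rule.iface in ("", pkt["iface"])
            and ipaddress.ip_address(pkt["src"]) in _net(rule.src)
            and ipaddress.ip_address(pkt["dst"]) in _net(rule.dst))

def evaluate(chain, pkt, policy="ACCEPT"):
    """First matching rule decides; returns (target, logged)."""
    for rule in chain:
        if matches(rule, pkt):
            return rule.target, rule.log
    return policy, False

def build_input_chain():
    # Constructed pre-existing rule: deny and log everything on the external interface.
    chain = [Rule("DENY", iface=EXTERN_IF, log=True)]
    # The rule from the message; -I puts it ahead of the logging rule (position 1 assumed).
    chain.insert(0, Rule("DENY", dst="255.255.255.255", iface=EXTERN_IF))
    return chain

# Constructed sample packets
BROADCAST = {"proto": "udp", "src": "10.1.2.3", "dst": "255.255.255.255", "iface": EXTERN_IF}
UNICAST = {"proto": "tcp", "src": "10.1.2.3", "dst": "192.0.2.10", "iface": EXTERN_IF}
INTERNAL = {"proto": "udp", "src": "192.168.1.5", "dst": "255.255.255.255", "iface": "eth1"}

if __name__ == "__main__":
    for name, pkt in [("broadcast", BROADCAST), ("unicast", UNICAST), ("internal", INTERNAL)]:
        print(name, evaluate(build_input_chain(), pkt))
```

Only the broadcast arriving on the external interface hits the silent DENY; the same destination on another interface falls through to the chain policy.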
