Doug Sampson wrote:
>
> > > # cat /etc/ipchains.input
^^^^^^^^^^^^^^^^^^^
You create this file, put that line in it and make sure that this line
is *NOT* commented in /etc/network.conf:
IPCH_IN=/etc/ipchains.input
These rather innocuous files can be very powerful tools in DCD!
> > > $IPCH -I input -j DENY -p all -s 0/0 -d 255.255.255.255 -i
> > $EXTERN_IF
> > >
> > > Exactly what does the ipchain statement say? Exactly what
> > does it deny?
> > > Obviously I'm not at all familiar with ipchaining... and I
> > want to understand
> > > it fully before I implement it...
> >
> > $IPCH -- /etc/ipfilter.conf:
> > IPCH="/sbin/ipchains --no-warnings"
> > -d 255.255.255.255 -- destination address
> > -i $EXTERN_IF -- interface via which a packet is received
> > -I input -- Insert one or more rules in the
> > selected chain as the given
> > rule number
> > -j DENY -- what to do if the packet
> > matches this rule
> > -p all -- protocol of the rule or of
> > the packet to check
> > -s 0/0 -- Source specification
> >
> > I struggled with this for sometime last December, after being dragged
> > into attbi.com. Since it is possible that that source ip can
> > change and
> > that I have never found any reason to _log_ packets broadcast to the
> > entire universe (e.g., -d 255.255.255.255); therefore, I conclude that
> > such packets deserve anonymity in that great bit bucket somewhere near
> > /dev/null . . .
> >
>
> How is this implemented in DCD 102? In the network.conf file? I understand
> that I can type the ipchain command at the command prompt. However that is
> good only until it is rebooted and I'd like to make that a permanent solution.
--
Best Regards,
mds
mds resource
888.250.3987
Dare to fix things before they break . . .
Our capacity for understanding is inversely proportional to how much we
think we know. The more I know, the more I know I don't know . . .
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
