I'm using DCD, I set it up as firewall, with IP aliasing on eth0, DMZ switch=PRIVATE on eth2 and internal network on eth1.(thank's to bela,charles and ray).
I've got tons of logs of hits on port 53 like the following examples : Feb 14 06:42:04 firewall syslogd 1.3-3#31.slink1: restart. Feb 14 07:31:08 firewall kernel: Packet log: input DENY eth0 PROTO=6 167.216.144.43:53 202.149.81.55:53 L=44 S=0x00 I=0 F=0x0000 T=239 (#48) Feb 14 07:31:08 firewall kernel: Packet log: input DENY eth0 PROTO=6 167.216.144.43:53 202.149.81.55:53 L=44 S=0x00 I=0 F=0x0000 T=239 (#48) Feb 14 07:31:08 firewall kernel: Packet log: input DENY eth0 PROTO=6 167.216.248.60:53 202.149.81.55:53 L=44 S=0x00 I=0 F=0x0000 T=236 (#48) Feb 14 07:31:08 firewall kernel: Packet log: input DENY eth0 PROTO=6 167.216.248.60:53 202.149.81.55:53 L=44 S=0x00 I=0 F=0x0000 T=236 (#48) -----snip I've search the mailing list archives and found these following extra lines to add to ipfilter.conf file : # New Port 53 filter start IP_LIST="`cat /etc/dns_floods`" for IP in $IP_LIST; do $IPCH -I input -j DENY -p tcp -s $IP/32 -d $EXTERN_IP/32 53 -i$EXTERN_IF done; unset IP #New Port 53 filter end I've created the */etc/dns_floods* file as instructed in the archive and also added some more IP#'s and then did *svi network reload*, but those hits don't seems to stop. any idea? thank's in advance. regards, Gregor +Gregor Gede W. +CENTER FOR INFORMATION SYSTEM +ATMA JAYA YOGYAKARTA UNIVERSITY [EMAIL PROTECTED] +62 81 2271 0583 +62 81 7467 518 WATCHOUT! 3RD INTERNATIONAL SEMINAR ON SUSTAINABLE ENVIRONTMENTAL ARCHITECTURE + DIGITAL ARCHITECTURE, 9-10 MARCH 2002, YOGYAKARTA http://senvar.virtue.nu or http://senvar.uajy.web.id NATIONAL DESIGN COMPETITION http://senvar.uajy.web.id/lombadesain _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user