GREGOR wrote:
> I'm using DCD, I set it up as firewall, with IP aliasing on eth0, DMZ
> switch=PRIVATE on eth2 and internal network on eth1 (thanks to bela, charles
> and ray).
>
> I've got tons of logs of hits on port 53 like the following examples:
>

Since you are using DCD - try adding all the port 53 flood servers in SILENT_DENY. Here is a copy of my list - note that they are all on one line, each machine separated by a space. I have modified my list.

# grep SILENT_DENY /etc/network.conf
SILENT_DENY="tcp_64.78.235.14_53 tcp_64.56.174.186_53 tcp_64.37.200.46_53 tcp_64.14.200.154_53 tcp_62.26.119.34_53 tcp_62.23.80.2_53 tcp_216.35.167.58_53 tcp_216.34.68.2_53 tcp_216.33.35.214_53 tcp_216.220.39.42_53 tcp_212.78.160.237_53 tcp_203.208.128.70_53 tcp_203.194.166.182_53 tcp_202.139.133.129_53 tcp_194.213.64.150_53 tcp_194.205.125.26_53"

svi network ipfilter reload

If it stops the log noise - then backup etc.

Victor McAllister

_______________________________________________
Leaf-user mailing list
https://lists.sourceforge.net/lists/listinfo/leaf-user
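
An added example, not part of Victor's message or of DCD itself: a POSIX shell helper that builds the one-line SILENT_DENY value from a list of source addresses, assuming the proto_address_port entry layout seen in the list above. The function names and the sample addresses are made up for illustration.

```shell
#!/bin/sh
# Build a one-line SILENT_DENY value from source addresses read on stdin.
# Assumption: entries follow the proto_address_port layout shown in the
# message above; function names here are hypothetical, not part of DCD.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# build_silent_deny PROTO PORT: skip blanks, comments, invalid addresses and
# duplicates, then print all entries on one line separated by single spaces.
build_silent_deny() {
    proto=$1
    port=$2
    list=
    while read -r addr rest; do
        case "$addr" in ''|'#'*) continue ;; esac
        if ! valid_ipv4 "$addr"; then
            echo "skipping invalid address: $addr" >&2
            continue
        fi
        entry="${proto}_${addr}_${port}"
        case " $list " in *" $entry "*) continue ;; esac
        list="${list:+$list }$entry"
    done
    printf 'SILENT_DENY="%s"\n' "$list"
}

# Constructed sample input (documentation addresses, not from the message).
build_silent_deny tcp 53 <<'EOF'
192.0.2.10
198.51.100.7
192.0.2.10
300.1.1.1
EOF
```

Compare the printed line with the existing value in /etc/network.conf before pasting it in, then reload the filter as described above.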