The SANS site http://www.sans.org/dosstep/ list some IP's that should be blocked from leaving a firewall. The code in the stopMartians function of (Dachstein) ipfilter.conf blocks all but one of the addresses listed in that document. The exception is
192.0.2.0/24 - TEST-NET ipfilter.conf has the rule $IPCH -A $LIST -j DENY -p all -s 192.0.0.0/24 -d 0/0 -l $* Is that a typo? _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user