Vintage wrote:
>
> I have searched the FAQs and mail archives but could not find the solution.
> I am currently running Dachstein (CD version) on the Road Runner cable
> network. As might be expected on a cable network, my logs quickly overfill
> with the following noise:
>
> Every few seconds -
>
> Jun 3 10:50:30 firewall kernel: Packet log: input DENY eth0 PROTO=17
> 10.40.32.1:67 255.255.255.255:68 L=333 S=0x80 I=31378 F=0x0000 T=255 (#9)
>
> Every three minutes -
>
> Jun 3 10:49:58 firewall kernel: Packet log: input DENY eth0 PROTO=2
> 192.168.100.1:65535 224.0.0.1:65535 L=28 S=0xC0 I=0 F=0x0000 T=1 (#11)
>
> Thus, I added the following two rules to my Network.conf file.
>
> ##############################################################################
> #Ignored Traffic:
> ##############################################################################
>
> SILENT_DENY="17_10.40.32.1_68"
> SILENT_DENY="all_224.0.0.0/4"
>
> ##############################################################################
[ snip ]

First off, by declaring SILENT_DENY twice (2x), the second cancels, or
overwrites, the first. Consider this:

    SILENT_DENY="17_10.40.32.1_68 all_224.0.0.0/4"

However, this is not all of your problem ;>

Notice the format for SILENT_DENY:

    Format: protocol_srcip[/mask][_dstport]

`srcip' means, literally, source ip address -- you have used the
_destination_ address for your second instantiation.

Unfortunately, SILENT_DENY cannot, yet, deal with destinations. You are
going to need to use the constructs that immediately follow in
/etc/network.conf:

    IPCH_IN=/etc/ipchains.input
    IPCH_FWD=/etc/ipchains.forward
    IPCH_OUT=/etc/ipchains.output

Actually, since the errors that you want to ignore are both input
entries, you will need to create a /etc/ipchains.input -- and back up
when you are done. You might want to be specific, like the following,
or broaden the protocol to `all' and/or broaden the destination to
224.0.0.0/4:

    $IPCH -I input -j DENY -p 2 -s 0/0 -d 224.0.0.1 -i $EXTERN_IF

hth

--
Best Regards,
mds
mds resource
888.250.3987
Dare to fix things before they break . . .
Our capacity for understanding is inversely proportional to how much we
think we know. The more I know, the more I know I don't know . . .
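
Added example (not part of the original message, and not code from the LEAF/Dachstein scripts): a small shell model of the two points made in the reply, built only from the quoted format protocol_srcip[/mask][_dstport]. The function names ip2int, entry_matches and silenced are hypothetical, and the packet fields are read off the two log lines in the question.

```shell
#!/bin/sh
# Added illustration, not the Dachstein scripts: models SILENT_DENY entries
# from the format quoted in the reply: protocol_srcip[/mask][_dstport]

# Dotted quad -> 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# entry_matches ENTRY PROTO SRCIP DSTPORT: exit 0 if ENTRY covers the packet.
entry_matches() {
    entry=$1 proto=$2 src=$3 dport=$4
    e_proto=${entry%%_*}; rest=${entry#*_}
    case $rest in
        *_*) e_port=${rest#*_}; e_net=${rest%%_*} ;;
        *)   e_port=; e_net=$rest ;;
    esac
    case $e_net in
        */*) bits=${e_net#*/}; e_ip=${e_net%/*} ;;
        *)   bits=32; e_ip=$e_net ;;
    esac
    [ "$e_proto" = all ] || [ "$e_proto" = "$proto" ] || return 1
    [ -z "$e_port" ] || [ "$e_port" = "$dport" ] || return 1
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$src") & mask )) -eq $(( $(ip2int "$e_ip") & mask )) ]
}

# silenced LIST PROTO SRCIP DSTPORT: print first matching entry, or "none".
silenced() {
    list=$1; shift
    for e in $list; do
        if entry_matches "$e" "$@"; then echo "$e"; return 0; fi
    done
    echo none
}

# Two assignments as in the quoted network.conf: the second replaces the first.
SILENT_DENY="17_10.40.32.1_68"
SILENT_DENY="all_224.0.0.0/4"
OVERWRITTEN=$SILENT_DENY
COMBINED="17_10.40.32.1_68 all_224.0.0.0/4"

# Packets taken from the two log lines: proto, source IP, destination port.
echo "DHCP, overwritten list: $(silenced "$OVERWRITTEN" 17 10.40.32.1 68)"
echo "DHCP, combined list:    $(silenced "$COMBINED" 17 10.40.32.1 68)"
echo "IGMP, combined list:    $(silenced "$COMBINED" 2 192.168.100.1 65535)"
```

The IGMP packet stays unmatched even with the combined list, because its source is 192.168.100.1 and only its destination falls in 224.0.0.0/4.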