Eric Spakman wrote: > Hi Jim, > > >>> Does anything show up in the /var/lib/portsentry/ directory? >>> >>> >> Only 2 empty files - portsentry.blocked.tcp and portsentry.blocked.udp. >> I've got both BLOCK_UDP and BLOCK_TCP set to zero , because I only want >> warnings to start with, and I've set KILL_ROUTE="/sbin/iptables -I INPUT -s >> $TARGET$ -j DROP" . I was hoping that if I got GRC's 'ShieldsUp' to >> scan my machine on the internal interface, that I would get a log file >> somewhere with warning entries. >> >> > In the portsentry example "KILL_ROUTE" line logging is set: > .... -j LOG --log-level DEBUG --log-prefix 'Portsentry: dropping: ' > > I've just tried adding the above to the "KILL_ROUTE" line. I did a save config and modules, rebooted and tried another 'ShieldsUp' scan. All that happened is that I got the usual lot of entries in the shorewall log showing the scan. I did a: "for i in `find / -name '*.*'`; do grep Portsentry $i; done", looking for files with 'Portsentry', but only the conf and help files turned up. > What do you mean with "scanning your internal interface"? > Initiating a scan from a machine on the internal network.
Jim ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 ------------------------------------------------------------------------ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
