Hi Jim, >>> >> In the portsentry example "KILL_ROUTE" line logging is set: >> .... -j LOG --log-level DEBUG --log-prefix 'Portsentry: dropping: ' >> > I've just tried adding the above to the "KILL_ROUTE" line.
You need the complete line, there is an example in the portsentry.conf file: KILL_ROUTE="/sbin/iptables -I INPUT -s $TARGET$ -j DROP && /sbin/iptables -I INPUT -s $TARGET$ -m limit --limit 3/minute --limit-burst 5 -j LOG --log-level DEBUG --log-prefix 'Portsentry: dropping: '" > I did a save > config and modules, rebooted and tried another 'ShieldsUp' scan. All that > happened is that I got the usual lot of entries in the shorewall log > showing the scan. So they never reach portsentry ;) Or did you open specific ports in shorewall? > I did a: "for i in `find / -name '*.*'`; do grep > Portsentry $i; done", looking for files with 'Portsentry', but only the > conf and help files turned up. >> What do you mean with "scanning your internal interface"? >> > Initiating a scan from a machine on the internal network. > Ok, because you always scan your external interface with "ShieldsUp". > > Jim > Eric ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 ------------------------------------------------------------------------ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/