> On Wed, 26 Sep 2007 11:37:28 -0700, "Can E. Acar" <[EMAIL PROTECTED]>
> wrote:
>> Reza Muhammad wrote:
...
> also
>
> There is a lot of external broadcast traffic they are probably the cause of
> the large number of state insertions/deletions. They are either a badly
> designed p2p/broadcast/whatever protocol, or the result of the worm/malware
> of the month.
>
> Can you add
>
> block drop in quick on sis0 all
>
> at the start of your ruleset? This way the external traffic does not
> create states at all.
>
> Can
>
>

Actually I've been noticing that my ISP has been broadcasting a lot of
things since I've been using them.
For example, I would get this type of message in /var/log/message all the time:
    Sep 27 10:10:25 blowfish /bsd: arp: attempt to overwrite entry for 192.168.1.1 on lo0 by 00:02:6f:3e:14:59 on sis0

Anyway, about the ruleset, since I'm also running a web server, and mail
server on this box, I shouldn't use block quick right?
Rather block in quick on sis0 all, then open up the ports that I need to
use? Or am I missing the point?

Thanks.
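
An added example, not part of the original thread: a small Python model of how pf evaluates the rules discussed above (the last matching rule wins, and `quick` ends evaluation at the first match). The `Rule` and `Packet` classes, the two rulesets and the sample ports 25, 80 and 6881 are constructed for illustration, and the model covers only inbound packets on one interface.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                  # "pass" or "block"
    iface: str
    quick: bool = False
    port: Optional[int] = None   # None stands for "all"

@dataclass(frozen=True)
class Packet:
    iface: str
    port: int

def evaluate(rules, pkt):
    """Last matching rule wins, unless a matching rule carries 'quick'."""
    verdict = "pass"             # pf passes a packet that matches no rule
    for r in rules:
        if r.iface != pkt.iface:
            continue
        if r.port is not None and r.port != pkt.port:
            continue
        verdict = r.action
        if r.quick:              # 'quick' stops evaluation at this rule
            break
    return verdict

# Constructed ruleset A: the quoted rule first, then pass rules for services.
QUICK_FIRST = [
    Rule("block", "sis0", quick=True),   # block drop in quick on sis0 all
    Rule("pass", "sis0", port=80),       # never reached for sis0 traffic
    Rule("pass", "sis0", port=25),       # never reached for sis0 traffic
]

# Constructed ruleset B: default deny without 'quick', then pass rules.
DEFAULT_DENY = [
    Rule("block", "sis0"),               # block in on sis0 all
    Rule("pass", "sis0", port=80),
    Rule("pass", "sis0", port=25),
]

def verdicts(rules, ports=(25, 80, 6881)):
    """Verdict per destination port for inbound packets on sis0."""
    return {p: evaluate(rules, Packet("sis0", p)) for p in ports}

if __name__ == "__main__":
    print("quick first :", verdicts(QUICK_FIRST))
    print("default deny:", verdicts(DEFAULT_DENY))
```

Only packets that end up passed can create state entries, so everything that resolves to `block` in either ruleset adds nothing to the state table.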
