On 2007/09/27 11:51, Reza Muhammad wrote:
> > On Wed, 26 Sep 2007 11:37:28 -0700, "Can E. Acar" <[EMAIL PROTECTED]>
> > wrote:
> >> Reza Muhammad wrote:
> ...
> > also
> >
> > There is a lot of external broadcast traffic they are probably the cause of
> > the large number of state insertions/deletions. They are either a badly
> > designed p2p/broadcast/whatever protocol, or the result of the worm/malware
> > of the month.
> >
> > Can you add
> >
> > block drop in quick on sis0 all
> >
> > at the start of your ruleset? This way the external traffic does not
> > create states at all.
> >
> > Can
> >
> >
> > Actually I've been noticing that my ISP has been broadcasting a lot of
> > things since I've been using them.
> > For example, I would get this type of message in /var/log/message all the
> > time:
> > Sep 27 10:10:25 blowfish /bsd: arp: attempt to overwrite entry for 192.168.1.1 on lo0 by 00:02:6f:3e:14:59 on sis0
> >
> > Anyway, about the ruleset, since I'm also running a web server, and mail
> > server on this box, I shouldn't use block quick right?
Ok, in that case,

block in on sis0
pass in on sis0 to port {http, smtp}

etc.
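
The two variants discussed in this thread, written out as a pf.conf fragment. This is an added illustration, not a ruleset posted by anyone in the thread; it covers only inbound traffic on sis0, and the ext_if macro and the numeric ports are choices made here.

```pf
# Added illustration, not a ruleset from the thread. sis0 is the external
# interface named in the thread; the ext_if macro is introduced here.
ext_if = "sis0"

# Variant 1, the rule as first suggested. "quick" ends rule evaluation at the
# first match, so every inbound packet on sis0 is dropped here and the pass
# rule further down is never consulted: http and smtp would be cut off too.
# block drop in quick on $ext_if all

# Variant 2, for a host that serves http and smtp. Without "quick" the last
# matching rule decides, so the block acts as the default and the pass rule
# overrides it for the two services.
block drop in on $ext_if all

# Only TCP connection attempts (SYN set, ACK clear) to ports 80 and 25 create
# state. Broadcast and other unsolicited inbound traffic matches only the
# block rule and is dropped without a state entry.
pass in on $ext_if proto tcp from any to any port { 80, 25 } flags S/SA keep state
```

Running pfctl -nf on the file parses the ruleset without loading it, which catches syntax errors before the rules take effect.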