On 2007/09/27 11:51, Reza Muhammad wrote:
> > On Wed, 26 Sep 2007 11:37:28 -0700, "Can E. Acar" <[EMAIL PROTECTED]>
> > wrote:
> >> Reza Muhammad wrote:
> ...
> > also
> >
> > There is a lot of external broadcast traffic they are probably the cause of
> > the large number of state insertions/deletions. They are either a badly designed
> > p2p/broadcast/whatever protocol, or the result of the worm/malware of
> > the month.
> >
> > Can you add
> >
> > block drop in quick on sis0 all
> >
> > at the start of your ruleset? This way the external traffic does not
> > create states at all.
> >
> > Can
> >
> >
> 
> Actually I've been noticing that my ISP has been broadcasting a lot of
> things since I've been using them.
> For example, I would get this type of message in /var/log/message all the time:
>     Sep 27 10:10:25 blowfish /bsd: arp: attempt to overwrite entry for 192.168.1.1 on lo0 by 00:02:6f:3e:14:59 on sis0
> 
> Anyway, about the ruleset, since I'm also running a web server and mail
> server on this box, I shouldn't use block quick, right?

Ok, in that case,

block in on sis0
pass in on sis0 to port {http, smtp}

etc.
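
The difference between the two suggestions in this thread, as an added example that is not part of the original messages: a toy Python model of pf's evaluation order (last matching rule wins, `quick` stops at the first match), not pf itself. The probe packets and port 137 are constructed, and protocol matching is left out.

```python
# Toy model of pf rule evaluation order (added illustration, not pf itself).
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

@dataclass(frozen=True)
class Rule:
    action: str                              # "block" or "pass"
    direction: str                           # "in" or "out"
    iface: str
    ports: Optional[FrozenSet[int]] = None   # None = any destination port
    quick: bool = False

@dataclass(frozen=True)
class Packet:
    direction: str
    iface: str
    dport: int

def matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.direction == pkt.direction and rule.iface == pkt.iface
            and (rule.ports is None or pkt.dport in rule.ports))

def evaluate(rules: List[Rule], pkt: Packet) -> str:
    verdict = "pass"              # pf passes a packet that no rule matches
    for rule in rules:
        if matches(rule, pkt):
            verdict = rule.action  # last matching rule wins ...
            if rule.quick:         # ... unless the rule is marked quick
                break
    return verdict

SERVICES = frozenset({80, 25})    # http, smtp

# "block drop in quick on sis0 all" followed by the service pass rule
QUICK_RULESET = [Rule("block", "in", "sis0", quick=True),
                 Rule("pass", "in", "sis0", SERVICES)]
# "block in on sis0" followed by the service pass rule
LAST_MATCH_RULESET = [Rule("block", "in", "sis0"),
                      Rule("pass", "in", "sis0", SERVICES)]

# Constructed probe packets; port 137 stands in for unsolicited broadcast noise.
PROBES = {"http": Packet("in", "sis0", 80), "smtp": Packet("in", "sis0", 25),
          "noise": Packet("in", "sis0", 137), "outbound": Packet("out", "sis0", 53)}

def verdicts(rules: List[Rule]) -> dict:
    return {name: evaluate(rules, pkt) for name, pkt in PROBES.items()}

if __name__ == "__main__":
    print("quick:     ", verdicts(QUICK_RULESET))
    print("last match:", verdicts(LAST_MATCH_RULESET))
```

With the quick rule first, the later pass rule is never reached, so the web and mail ports are blocked along with the noise; without quick, only the two service ports get through.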
