thanks alot. I've created a new rulesets for my pf.conf, and it improves so
much. :)
On Thu, 27 Sep 2007 06:04:49 +0100, Stuart Henderson <[EMAIL PROTECTED]> wrote:
> On 2007/09/27 11:51, Reza Muhammad wrote:
>> > On Wed, 26 Sep 2007 11:37:28 -0700, "Can E. Acar"
> <[EMAIL PROTECTED]>
>> > wrote:
>> >> Reza Muhammad wrote:
>> ...
>> > also
>> >
>> > There is a lot of external broadcast traffic they are probably the
> cause
>> > of
>> > the large number of state insertions/deletions. They are either a
> badly
>> > designed
>> > p2p/broadcast/whatever protocol, or the result of the worm/malware of
>> > the month.
>> >
>> > Can you add
>> >
>> > block drop in quick on sis0 all
>> >
>> > at the start of your ruleset? This way the external traffic does not
>> > create states at all.
>> >
>> > Can
>> >
>> >
>>
>> Actually I've been noticing that my ISP has been broadcasting a lot of
>> things since I've been using them.
>> For example, I would get this type of message in /var/log/message all
> the
>> time:
>> Sep 27 10:10:25 blowfish /bsd: arp: attempt to overwrite entry for
>> 192.168.1.1 on lo0 by 00:02:6f:3e:14:59 on sis0
>>
>> Anyway, about the ruleset, since I'm also running a web server, and mail
>> server on this box, I shouldn't use block quick right?
>
> Ok, in that case,
>
> block in on sis0
> pass in on sis0 to port {http, smtp}
>
> etc.
