Thanks for the reply.
Take a close look at your logs...sounds like you might be on a cable-modem
(or other shared-network setup). The denied packets are probably being
generated by one of your 'neighbors', and are coming in your external
interface, otherwise they wouldn't be getting logged...
I am on a shared network of Windows machines. The denied packets come from
various machines, source and destination are both internal. If these
shouldn't be logged, then I need to have a very close look at the ipchains
generated.
Also, if I want to specify source ports for incoming traffic, do I have to
hard code that in the filter file?
Probably, although you don't mention what you're trying to specify source
ports for. If you need to make custom rules, that's what the
ipchains.input, ipchains.output, and ipchains.forward files are for in
/etc.
I want local users to be able to ssh into external machines, and (being
fairly pedantic about firewalls) I only want to specify port 22 for external
machines. If I edit those files, how do they relate to the config files (No
2 on the network config menu)?
zcat /path/to/package.lrp | tar -x
Thanks, that worked fine.
Finally, as a constructive suggestion, does anyone think it would be useful
if all ipchains rules were built up in one place in the config, and it was
all done in a more 'tabular' fashion, so that rules could be added easily,
and options such as logging for some of the defaults could be easily
switched off?
Probably, but it would take a lot of work. Are you volunteering?
Unfortunately I don't think I've got the time at the moment. I might have in
a few months though.
Thanks for a great product by the way.
regards
Dave