Michael:
I'm sure it's possible with SILENT_DENY, I just
don't use it. Charles will be able to provide details,
no doubt.
Here's the relevant portion from the echoWall
rules file. Hope it helps!
-Scott
# -- next, block reserved-address traffic, a-la CIAC alert K-032
# --
Regarding silent deny's...you can block the whole
224.0.0.0/4 range (RFC-1112 Class-D multicast) without worry.
That catches IGMP, IGRP, EIGRP, and probably others. As you'd
expect, this is in the same reduce my log noise section of
echowall.rules.
And, what is the best way
For those of you who like to use 3-Com cards, Computer geeks has 3C905B (PCI
10/100) cards for $15:
http://www.compgeeks.com/details.asp?invtid=3C905B-TX
Looks like they have several other flavors of 3Com cards on-hand now as well
(ISA 3C509B-C for $5), and new 4U rack-mount cases for $90 (why I
Sorry, I haven't been keeping up with LEAF
development like I should. I see that the new
Dachstein is available for CD or floppy. Does
Dachstein include the DMZ options of EigersteinBETA2
w/ the extended scripts 1.1?
And then some...
Static-NAT and proxy-arp DMZ architectures are now
I'm trying to use Secure iXplorer on a Win95 box to access a LRP
firewall system on which I am running OpenSSH daemon. I am able
to copy files to the LRP firewall using iXplorer, but no remote tree is
displayed. Also, I am unable to create subdirectories using iXplorer.
Using PuTTY, from the
While we all seem to be on the SILENT_DENY QA addiction,
which when used correctly works great. I just can't seem to get
it to take two different subnets on different lines. I am assuming
that the scripts will only take one as a variable without extending
the scripts a little further. ???
In
Has anybody out there seen the following, hits on port 53? There are about
100 entries like this in a few seconds then nothing? This only happens now
and again, once or twice a week. I am using EigerStein2BETA.exe.
Sample:
Dec 1 14:48:57 kc_firewall kernel: Packet log: input DENY eth0
[ snip ]
We are unclear as to your plans for 2.2.x kernels;
I just want a recent 2.2.x kernel that works.
Since we have just overcome 2.2.19 issues with Sangoma wanpipe, which
are all kernel version/re-compile related, we want to release the new
wanpipe.lrp for state-of-the-state
Is it just me that's wondering, but why do you need a journaling filesystem for a
firewall that runs in RAM? I can understand (I guess) if you are using it for a
stripped down server application like smtp server, or whatever but I was under the
impression that a journaling filesystem's
Is it just me that's wondering, but why do you need a journaling
filesystem for a firewall that runs in RAM? I can understand (I guess) if
you are using it for a stripped down server application like smtp server, or
whatever but I was under the impression that a journaling filesystem's
best
On Saturday, 1 December 2001 19:22, Tony wrote:
Is it just me that's wondering, but why do you need a journaling filesystem
for a firewall that runs in RAM? I can understand (I guess) if you are
using it for a stripped down server application like smtp server, or
whatever but I was under
On Sat, 1 Dec 2001, Tony wrote:
I guess I don't completely understand why you need a JFFS for
something that under normal circumstances, isn't written to
physically. If you have a crash/powerdown situation, with resumption
of service, you just reload your image and continue to
I like doing this, but there are concerns with doing it in anything less
than a perfectly trusted environment: If your log host is unavailable,
you're not logging; if malicious listeners are on the LAN, they can see
everything you log (could be quite useful when scanning or rooting a
On Sat, 1 Dec 2001, Charles Steinkuehler wrote:
I like doing this, but there are concerns with doing it in anything less
than a perfectly trusted environment: If your log host is unavailable,
you're not logging; if malicious listeners are on the LAN, they can see
everything you log