Julian Church <[EMAIL PROTECTED]> writes:
> Since the packets you're seeing are pretty much exclusively harmless
> "chatter" it's more user friendly this way.
You mean Windows users using the Internet as "network neighborhood"?
I'm not too familiar with Windows hosts connected to the Internet
thr
Hi,
is there any reason that the Windows ports in common.def are set to
reject instead of DROP?
I like to slow scanners down if possible, so DROP would be the natural
choice.
The only ports where I use reject are ident (to be friendly) and some
annoying P2P ports (to get them stopped faster).
Reg
Frank Tegtmeyer <[EMAIL PROTECTED]> writes:
> I interpreted Windows traffic coming from the Internet ...
I think I see my mistake - common.def is applied to all traffic on all
interfaces (if not handled by rules).
So the reject is chosen to be friendly to internal users, right?
Regar
Tom Eastep <[EMAIL PROTECTED]> writes:
> you don't like it, create /etc/shorewall/common and put the rules that
> YOU like in it.
I did this - my question was about why these defaults are used. I
suspect it's only a matter of personal preferences. But maybe I miss
some obvious reason - I would li
Tom Eastep <[EMAIL PROTECTED]> writes:
> Because there are simply too many TCP stacks out there with minor
> problems that you are effectively blacklisting if you use this option.
Ok, that's true for the average case. I had this very special network
in mind that is W2k only. Anyway - because ther
Tom Eastep <[EMAIL PROTECTED]> writes:
> I strongly recommend *against* using that option on a production router.
Because of its experimental status, or are there any other reasons?
Regards, Frank
Hi,
I set "dropunclean" on an interface that W2k clients use as gateway to
another location (system is Bering 1.2).
After checking the logs I found some dropped (unclean) tcp packets that were
sent to port 445 of a W2k server. It's not a big deal because NetBT is
still available (port 139) but I wo
Raymond Page <[EMAIL PROTECTED]> writes:
> ability to dns lookups from my Bering box. It can ping nameservers, however
> the lookup seems to have died. Any ideas why?
The first bet is always that the generated logs are not taken by the
responsible processes. If that occurs, dnscache will stop
"Alex Rhomberg" <[EMAIL PROTECTED]> writes:
> This is a good place to advertise my work: I have written a bunch of
> scripts
Could you add a link please?
Regards, Frank