Ok, got it. Prior to submitting my ruleset in my last post I removed one key line that I did not think could have any influence:
block return in log on $EXT proto { udp, tcp } all
Yesss doggy... this creates a very misleading result when viewing traffic with tcpdump.
For those who may get tri
On Thu, Nov 25, 2004 at 07:46:30PM -0500, Peter Matulis wrote:
> --- "Ilya A. Kovalenko" <[EMAIL PROTECTED]> wrote:
> > These hosts are probably infected w/ the "Lovesan" (aka "MS-blast") virus. It
> > scans networks for vulnerable Windows boxes to infect.
> >
> > but you, should see it as incoming re
--- "Ilya A. Kovalenko" <[EMAIL PROTECTED]> wrote:
> PM> My firewall is pretty tight. I block all incoming by default and let out only certain
> PM> destination ports. I'm currently filtering on external interface only.
>
> PM> Now I decided to do a check on all outgoing traffic
> PM> (filt
PM> My firewall is pretty tight. I block all incoming by default and let out only certain
PM> destination ports. I'm currently filtering on external interface only.
PM> Now I decided to do a check on all outgoing traffic (filtering out of course the allowed ports)
PM> and I made an interest
On 13 Nov 2004 01:22:23 -0800, [EMAIL PROTECTED] (Peter Matulis) wrote:
>My firewall is pretty tight. I block all incoming by default and let out
>only certain destination ports. I'm currently filtering on
>external interface only.
You do have a
block log all
at the start of your policy ?
My firewall is pretty tight. I block all incoming by default and let out only certain destination ports. I'm currently filtering on external interface only.
Now I decided to do a check on all outgoing traffic (filtering out of course the allowed ports) and I made an interesting discovery.
I a