Hi, today I had an other "nice" situatuation: Our perimeter firewall stopped working and I found, that my /var/log-partition was 100% in use. The message file was about 2.5 GB :-) "normal" for me yet was about up to 500 MB/week.
I found out, that a students Mac Book flooded the lan with broadcasts and tried to reach one outside server on the internet with port 5354. His broadcast etc. had been dropped or rejected by the shorewalls policies and had been loged - so the logfile grews very fast. Regarding the german apfelwiki (http://www.apfelwiki.de/Main/Port) port 5354 belongs to mdnsresponder which is http://developer.apple.com/opensource/internet/bonjour.html. We offer a DMZ for mobile computers from students and academics, which is directly connected to the perimeter firewall with an own subnet and nic. What could/would be a good solution or tool or your suggestions to handle such broadcast storms or situations? I can tell our students a hundred time, that some service aren't availabel and that they should disable e.g. bonjour broadcasting, but why should they care :-) And for me it isn' an option to talk to tham after they have "killed" our firewal. Thanks for your help and suggestions! Best Regards Götz Reinicke -- Götz Reinicke IT Koordinator Tel. +49 7141 969 420 Fax +49 7141 969 55 420 E-Mail [EMAIL PROTECTED] Filmakademie Baden-Württemberg GmbH Mathildenstr. 20 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzender des Aufsichtsrats: Dr. Christoph Palmer, MdL, Minister a.D. Geschäftsführer: Prof. Thomas Schadt ------------------------------------------------------------------------- SF.Net email is sponsored by: The Future of Linux Business White Paper from Novell. From the desktop to the data center, Linux is going mainstream. Let it simplify your IT future. http://altfarm.mediaplex.com/ad/ck/8857-50307-18918-4 _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
