[PLUG] Ipchains question

Richard Seymour paynoattention at anarchysoftware.com
Sat Jun 15 14:52:33 UTC 2002


I have the following chunk of rules in my firewall:


# Enable logging for selected denied packets
ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp \
                    -d $IPADDR -l -j DENY
ipchains -A input  -i $EXTERNAL_INTERFACE -p udp \
               -d $IPADDR $PRIVPORTS -l -j DENY
ipchains -A input  -i $EXTERNAL_INTERFACE -p udp \
               -d $IPADDR $UNPRIVPORTS -l -j DENY
ipchains -A input  -i $EXTERNAL_INTERFACE -p icmp \
               -s $ANYWHERE 5 -d $IPADDR -l -j DENY
ipchains -A input  -i $EXTERNAL_INTERFACE -p icmp \
               -s $ANYWHERE 13:18 -d $IPADDR -l -j DENY

I also have a summary of my logs emailed to me daily. I've been getting 
so many hits on port 1433 (some SQL server exploit thingy), that it's 
getting hard to read the summary emails. I'd like to keep denying port 
1433, but NOT log it.

What's the proper way to do this?

-- 
Professor Marvel never guesses. He knows!
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
    Richard Seymour, the Man Behind the Curtain
CHEEP GEEKS      Anarchy Software       FREE GEEK
