Re: cleaning up my firewall script...
Looks like it did work, 2 packets did slip through before the SHRED rule was applied.
--- Bjoern Schmidt <bj-schmidt@uni-paderborn.de> wrote:
> Richard Verwayen wrote:
> > Hello Bjoern,
>
> Hello Richard,
>
> >
> > you are right! There is no need for them!
>
> I removed the last three lines. Since then the kernel used the INPUT
> chain policy two times to drop packets:
>
> iptables -vL
>
> Chain INPUT (policy DROP 2 packets, 316 bytes)
>  pkts bytes target   prot opt in   out source   destination
>  223K   39M ACCEPT   all  --  any  any anywhere anywhere    state RELATED,ESTABLISHED
>  1134 58488 LAN      all  --  eth0 any anywhere anywhere    state NEW
>    45  2714 LOOPBACK all  --  lo   any anywhere anywhere
>     0     0 DSL_IN   tcp  --  ppp0 any anywhere anywhere    state NEW tcp dpt:ssh
>     0     0 DSL_IN   tcp  --  ppp0 any anywhere anywhere    state NEW tcp dpt:auth
>    78  4902 SHRED    all  --  any  any anywhere anywhere
>
> The last rule in this chain is:
>
> finish_rules()
> {
>     iptables -N SHRED
>     iptables -A INPUT -j SHRED
>     iptables -A SHRED -j ULOG
>     iptables -A SHRED -j DROP
> }
>
> This rule should match on all packets so that the chain
> policy will never be used, but it does not work correctly.
> Where is the mistake?
>
>
> --
> Greetings
> Bjoern Schmidt
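Added example, not part of the thread: a variant of `finish_rules` that fills SHRED before INPUT jumps to it, plus a check over `iptables -vL INPUT` output that reports the policy counter next to whether the last rule is an unconditional catch-all. The `IPT` variable, `check_input_chain` and the `SAMPLE` listing are assumptions constructed for this example; packets that arrive before the last rule is appended are still counted against the policy.

```shell
#!/bin/sh
# Added example, not code from the thread.
# IPT is an assumption: it lets finish_rules be dry-run (IPT=echo).
IPT="${IPT:-iptables}"

# Fill SHRED completely before INPUT refers to it. A jump into an empty
# user chain returns to INPUT, and the packet then falls to the policy
# without passing the ULOG rule.
finish_rules()
{
    $IPT -N SHRED || return 1
    $IPT -A SHRED -j ULOG || return 1
    $IPT -A SHRED -j DROP || return 1
    $IPT -A INPUT -j SHRED
}

# Read `iptables -vL INPUT` output on stdin (one rule per line) and report
# the policy hit count and whether the last rule matches every packet.
check_input_chain()
{
    awk '
    /^Chain INPUT/ { policy = $4; pkts = $5; next }  # "(policy DROP 2 packets,"
    NF == 0 || $1 == "pkts" { next }                 # blank line, column header
    {
        target = $3
        # 9 fields means nothing follows "destination": no match conditions.
        all = (NF == 9 && $4 == "all" && $6 == "any" && $7 == "any" &&
               $8 == "anywhere" && $9 == "anywhere") ? "yes" : "no"
    }
    END {
        printf "policy=%s policy_pkts=%s last_target=%s catch_all=%s\n",
               policy, pkts, target, all
    }'
}

# Constructed sample: first and last rule of the listing in the thread, unwrapped.
SAMPLE='Chain INPUT (policy DROP 2 packets, 316 bytes)
 pkts bytes target prot opt in out source destination
 223K   39M ACCEPT all  --  any any anywhere anywhere state RELATED,ESTABLISHED
   78  4902 SHRED  all  --  any any anywhere anywhere'
```

A result of `catch_all=yes` together with a non-zero `policy_pkts` means the policy hits were counted while the rule set was still incomplete.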