
Re: DNS calls....



On Thu, May 03, 2001 at 08:22:45AM -0000, Jerzy Miszczyk wrote:
> I am sorry for the brief description of the problem. There is no diald
> installed, the system runs straightforward "isdnutils". Something
> keeps the line up. Every few minutes there is a call to a broadcast
> address and port 138,

that's probably samba.

use ipchains to block ports 137-139 (both inbound and outbound) on your
ippp0 interface.  you'll want to do that for security reasons, anyway.

> or a call to a DNS server :(. 

you can't do the same for dns requests, because that would block DNS
when the line was up.


what you can do is write a script which adds a block rule for port 53,
and run that when you take the line down. and another script which
removes that block rule and run that when you want the line to come up.

another alternative is to disable auto dialing in isdn.  edit
/etc/isdn/device.ippp0 and change:

DIALMODE=auto
to
DIALMODE=off

then run "isdnctrl dial ippp0" when you want to dial out and "isdnctrl
hangup ippp0" to hang up.


alternatively, just run "/etc/init.d/isdnutils stop" to kill the isdn
connection and "/etc/init.d/isdnutils start" to bring it up again.


if you need to allow non-root users to bring the isdn line up or down,
you could write a sudo wrapper for either of these alternatives.


craig

--
craig sanders <cas@taz.net.au>

      GnuPG Key: 1024D/CD5626F0 
Key fingerprint: 9674 7EE2 4AC6 F5EF 3C57  52C3 EC32 6810 CD56 26F0
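
The two firewall steps suggested in the message above (a permanent block on ports 137-139 and a port 53 block that is switched on and off with the line), as an added example that is not part of the original message. The function names, the `init`/`down`/`up` arguments, the DENY target and the `DRY_RUN` switch are assumptions; `ippp0` and the port numbers come from the thread.

```shell
#!/bin/sh
# Added example, not from the original message. ippp0 and the port numbers
# come from the thread; function names and the DENY target are assumptions.
IFACE=${IFACE:-ippp0}
IPCHAINS=${IPCHAINS:-ipchains}

# Print rules blocking NetBIOS (137-139), inbound and outbound, on $IFACE.
netbios_rules() {
    for chain in input output; do
        for proto in tcp udp; do
            echo "$IPCHAINS -A $chain -i $IFACE -p $proto -d 0.0.0.0/0 137:139 -j DENY"
        done
    done
}

# Print rules that block or unblock outbound DNS (port 53) on $IFACE.
# "block" deletes any earlier copy first, so running it twice leaves one rule.
dns_rules() {
    case "$1" in
        block|unblock) ;;
        *) echo "usage: dns_rules block|unblock" >&2; return 2 ;;
    esac
    for proto in udp tcp; do
        spec="-i $IFACE -p $proto -d 0.0.0.0/0 53 -j DENY"
        echo "$IPCHAINS -D output $spec"
        if [ "$1" = block ]; then echo "$IPCHAINS -I output 1 $spec"; fi
    done
}

# Run each rule read from stdin; with DRY_RUN=1 only print it.
apply() {
    while IFS= read -r cmd; do
        if [ "${DRY_RUN:-0}" = 1 ]; then echo "$cmd"; continue; fi
        case "$cmd" in
            *" -D "*) $cmd 2>/dev/null || : ;;  # absent rule: nothing to delete
            *) $cmd || return 1 ;;
        esac
    done
}

case "${1:-}" in
    init) netbios_rules | apply ;;      # once, at boot
    down) dns_rules block | apply ;;    # after hanging up
    up)   dns_rules unblock | apply ;;  # before dialing
esac
```

Running it with `DRY_RUN=1` prints the ipchains commands without touching the running rule set.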


