My little network is 212.240.163.96/28

It is also my "dmz" (net = 212.240.163.97, dmz = 212.240.163.98 - 110)

I get this behaviour with the probing that goes on:-

any "normal" dmz address without a webserver:-

Oct 12 20:10:35 gate kernel: Shorewall:net2all:DROP:IN=ippp0 OUT=eth1 SRC=212.240.38.132 DST=212.240.163.104 LEN=44 TOS=0x08 PREC=0x00 TTL=121 ID=50660 DF PROTO=TCP SPT=1587 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0

to the "network" address:-

Oct 12 20:11:09 gate kernel: Shorewall:FORWARD:REJECT:IN=ippp0 OUT=ippp0 SRC=212.240.38.132 DST=212.240.163.96 LEN=44 TOS=0x08 PREC=0x00 TTL=121 ID=4094 DF PROTO=TCP SPT=3376 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0

Is there any way I can make the network address DROP it rather than REJECT it?

What extra info do you need?

Dirk

Dirk Koopman wrote:
> My little network is 212.240.163.96/28
>
> It is also my "dmz" (net = 212.240.163.97, dmz = 212.240.163.98 - 110)
>
> I get this behaviour with the probing that goes on:-
>
> any "normal" dmz address without a webserver:-
>
> Oct 12 20:10:35 gate kernel: Shorewall:net2all:DROP:IN=ippp0 OUT=eth1
> SRC=212.240.38.132 DST=212.240.163.104 LEN=44 TOS=0x08 PREC=0x00 TTL=121
> ID=50660 DF PROTO=TCP SPT=1587 DPT=80 WINDOW=8192 RES=0x00 SYN
> URGP=0
>
> to the "network" address:-
>
> Oct 12 20:11:09 gate kernel: Shorewall:FORWARD:REJECT:IN=ippp0 OUT=ippp0
> SRC=212.240.38.132 DST=212.240.163.96 LEN=44 TOS=0x08 PREC=0x00 TTL=121
> ID=4094 DF PROTO=TCP SPT=3376 DPT=80 WINDOW=8192 RES=0x00 SYN
> URGP=0
>
> Is there any way I can make the network address DROP it rather than
> REJECT it?
>

In /etc/shorewall/policy:

    net    net    DROP

or if you want them logged

    net    net    DROP    info

Depending on your version, you may also need to include the "multi" option for ippp0 in /etc/shorewall/interfaces.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
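
Added example, not part of the thread and not Shorewall's own code: a small parser for the two log entries quoted above that flags packets entering and leaving on the same interface, which is the net-to-net traffic the policy line in the reply governs. The function names and labels are made up for illustration; the log lines are the ones from the post, unwrapped to one line each.

```python
import ipaddress
import re

# Log lines from the post above, unwrapped to one line each.
SAMPLE_LOG = """\
Oct 12 20:10:35 gate kernel: Shorewall:net2all:DROP:IN=ippp0 OUT=eth1 SRC=212.240.38.132 DST=212.240.163.104 LEN=44 TOS=0x08 PREC=0x00 TTL=121 ID=50660 DF PROTO=TCP SPT=1587 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Oct 12 20:11:09 gate kernel: Shorewall:FORWARD:REJECT:IN=ippp0 OUT=ippp0 SRC=212.240.38.132 DST=212.240.163.96 LEN=44 TOS=0x08 PREC=0x00 TTL=121 ID=4094 DF PROTO=TCP SPT=3376 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
"""

# Log prefix format seen in the post: Shorewall:<chain>:<disposition>:
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disposition>[A-Z]+):(?P<rest>.*)")
LOCAL_NET = ipaddress.ip_network("212.240.163.96/28")  # the poster's subnet


def parse_line(line):
    """Return a dict for one Shorewall kernel log line, or None if it is not one."""
    m = PREFIX.search(line)
    if not m:
        return None
    event = {"chain": m["chain"], "disposition": m["disposition"]}
    for token in m["rest"].split():
        key, sep, value = token.partition("=")
        event[key] = value if sep else True  # bare flags such as DF and SYN
    return event


def classify(event, net=LOCAL_NET):
    """Label an event with the path the firewall saw (hypothetical labels)."""
    dst = ipaddress.ip_address(event["DST"])
    labels = []
    if event["IN"] == event["OUT"]:
        labels.append("same-interface")  # in and out via ippp0: net -> net
    if dst == net.network_address:
        labels.append("network-address")
    elif dst == net.broadcast_address:
        labels.append("broadcast-address")
    return labels


def report(text):
    """Return (DST, chain, disposition, labels) for every Shorewall line in text."""
    rows = []
    for line in text.splitlines():
        ev = parse_line(line)
        if ev:
            rows.append((ev["DST"], ev["chain"], ev["disposition"], classify(ev)))
    return rows


if __name__ == "__main__":
    for row in report(SAMPLE_LOG):
        print(row)
```
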

That was just right...

I *love* this product...

Dirk

On Sat, 12 Oct 2002 12:45:31 -0700 Tom Eastep <teastep@shorewall.net> wrote:
> Dirk Koopman wrote:
> > My little network is 212.240.163.96/28
> >
> > It is also my "dmz" (net = 212.240.163.97, dmz = 212.240.163.98 -
> > 110)
> >
> > I get this behaviour with the probing that goes on:-
> >
> > any "normal" dmz address without a webserver:-
> >
> > Oct 12 20:10:35 gate kernel: Shorewall:net2all:DROP:IN=ippp0
> > OUT=eth1 SRC=212.240.38.132 DST=212.240.163.104 LEN=44 TOS=0x08
> > PREC=0x00 TTL=121 ID=50660 DF PROTO=TCP SPT=1587 DPT=80 WINDOW=8192
> > RES=0x00 SYN URGP=0
> >
> > to the "network" address:-
> >
> > Oct 12 20:11:09 gate kernel: Shorewall:FORWARD:REJECT:IN=ippp0
> > OUT=ippp0 SRC=212.240.38.132 DST=212.240.163.96 LEN=44 TOS=0x08
> > PREC=0x00 TTL=121 ID=4094 DF PROTO=TCP SPT=3376 DPT=80 WINDOW=8192
> > RES=0x00 SYN URGP=0
> >
> > Is there any way I can make the network address DROP it rather than
> > REJECT it?
> >
>
> In /etc/shorewall/policy:
>
>     net    net    DROP
>
> or if you want them logged
>
>     net    net    DROP    info
>
> Depending on your version, you may also need to include the "multi"
> option for ippp0 in /etc/shorewall/interfaces.
>
> -Tom
> --
> Tom Eastep    \ Shorewall - iptables made easy
> AIM: tmeastep  \ http://www.shorewall.net
> ICQ: #60745924  \ teastep@shorewall.net