-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dario Lesca wrote:
| Hi, which is the better way to limit the logs of a single zone (e.g.
| limit log of net)?
|
| policy:net all DROP info 10/sec:40
|
| Is this a good solution?
No -- that limits TCP SYNs from the 'net' zone. There is no way to limit
the logging of packets from an individual zone. I suggest that you set
the LOGLIMIT and LOGBURST in shorewall.conf; that will limit each
individual logging rule to the limits you specify.
- -Tom
- --
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBNIUyO/MAbZfjDLIRAqa/AJsEqYOPHzic1kDFLjw6h+Z3+UMb2wCfUsCX
rtC37ad8wug0GBgV4YMLimc=8Ip9
-----END PGP SIGNATURE-----
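
The per-rule behaviour described in the reply, as an added example that is not part of the original message and is not Shorewall code. It assumes each logging rule gets its own rate/burst limit with token-bucket behaviour; the rule labels and the traffic are constructed, and the 10/sec rate with burst 40 is taken from the question.

```python
# Added illustration (not Shorewall code): integer token-bucket model of a
# rate/burst limit applied separately to each logging rule.


class RuleLimit:
    """One bucket per logging rule; time in ms, credit in 1/1000 of a log entry."""

    def __init__(self, rate_per_sec, burst):
        self.rate = rate_per_sec      # credit gained per ms, in milli-entries
        self.cap = burst * 1000       # bucket capacity
        self.credit = self.cap        # bucket starts full
        self.last_ms = 0

    def allow(self, now_ms):
        elapsed = now_ms - self.last_ms
        self.credit = min(self.cap, self.credit + elapsed * self.rate)
        self.last_ms = now_ms
        if self.credit >= 1000:       # enough credit for one log entry
            self.credit -= 1000
            return True
        return False                  # packet is still handled, just not logged


def logged_per_rule(packets, rate_per_sec, burst):
    """packets: iterable of (timestamp_ms, rule_label) -> {rule_label: entries logged}."""
    buckets, logged = {}, {}
    for ts, rule in packets:
        if rule not in buckets:
            buckets[rule] = RuleLimit(rate_per_sec, burst)
        logged[rule] = logged.get(rule, 0) + (1 if buckets[rule].allow(ts) else 0)
    return logged


# Constructed traffic: one packet per ms for 2 s from a single zone,
# alternating between two hypothetical logging rules.
RULES = ("rule_a", "rule_b")
FLOOD = [(t, RULES[t % 2]) for t in range(2000)]

# Same flood, limited per rule versus all hitting one rule.
SPLIT = logged_per_rule(FLOOD, rate_per_sec=10, burst=40)
SINGLE = logged_per_rule([(t, "rule_a") for t, _ in FLOOD], 10, 40)

if __name__ == "__main__":
    print("two rules:", SPLIT, "total", sum(SPLIT.values()))
    print("one rule: ", SINGLE)
```

Because every logging rule has its own bucket, the log volume a zone can generate grows with the number of logging rules its traffic reaches, which is why the limit bounds each rule rather than the zone.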