hello shorewall list

how to include this rule
iptables -A OUTPUT -o eth0 -p tcp --tcp-flags RST RST -j DROP

in shorewall config

all testimonials are welcome

--
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
gpg --keyserver pgp.mit.edu --recv-key 092164A7
http://urlshort.eu fakessh @

On Monday 19 September 2011 04:05, ml@smtp.fakessh.eu wrote:
> hello shorewall list
>
> how to include this rule
> iptables -A OUTPUT -o eth0 -p tcp --tcp-flags RST RST -j DROP
>
> in shorewall config
>
> all testimonials are welcome

and how to add this rule
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -f -j DROP

--
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
gpg --keyserver pgp.mit.edu --recv-key 092164A7
http://urlshort.eu fakessh @

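
What the TCP flag matches in the rules quoted above select, as an added example that is not from any poster in this thread: a small Python model of the iptables `--tcp-flags MASK COMP` and `--syn` semantics, run over constructed packets. The rule labels, the `verdict` helper and the sample packets are assumptions made for illustration, and the `-f` fragment rule is not modelled.

```python
# Added example: models iptables TCP flag matching for the rules quoted above.
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def bits(spec):
    """Turn an iptables flag list ('SYN,ACK', 'ALL', 'NONE') into a bitmask."""
    if spec == "NONE":
        return 0
    names = FLAGS if spec == "ALL" else spec.split(",")
    mask = 0
    for name in names:
        mask |= FLAGS[name]
    return mask

def tcp_flags_match(pkt, mask, comp):
    """--tcp-flags MASK COMP: of the flags in MASK, exactly those in COMP are set."""
    return (pkt & bits(mask)) == bits(comp)

def is_syn(pkt):
    """--syn is shorthand for --tcp-flags FIN,SYN,RST,ACK SYN."""
    return tcp_flags_match(pkt, "FIN,SYN,RST,ACK", "SYN")

# (label, chain, predicate) in the order the thread lists the rules.
# Labels are hypothetical names chosen for this example.
RULES = [
    ("drop-rst-out", "OUTPUT", lambda f, s: tcp_flags_match(f, "RST", "RST")),
    ("new-not-syn", "INPUT", lambda f, s: not is_syn(f) and s == "NEW"),
    ("all-flags", "INPUT", lambda f, s: tcp_flags_match(f, "ALL", "ALL")),
    ("no-flags", "INPUT", lambda f, s: tcp_flags_match(f, "ALL", "NONE")),
]

def verdict(chain, flag_spec, state):
    """Label of the first rule in `chain` that would DROP the packet, else 'pass'."""
    pkt = bits(flag_spec)
    for label, rule_chain, pred in RULES:
        if rule_chain == chain and pred(pkt, state):
            return label
    return "pass"

# Constructed sample packets: (chain, flags set, conntrack state).
SAMPLES = [
    ("INPUT", "SYN", "NEW"), ("INPUT", "ACK", "NEW"),
    ("INPUT", "ALL", "INVALID"), ("INPUT", "NONE", "INVALID"),
    ("OUTPUT", "RST,ACK", "ESTABLISHED"), ("OUTPUT", "SYN,ACK", "ESTABLISHED"),
]

if __name__ == "__main__":
    for chain, flags, state in SAMPLES:
        print(f"{chain:6} {flags:8} {state:11} -> {verdict(chain, flags, state)}")
```

Because iptables stops at the first matching DROP, a packet with every flag set that conntrack classifies as NEW is caught by the non-SYN rule before the `ALL ALL` rule is reached.
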
On Mon, 19 Sep 2011 04:05:26 +0200, ml@smtp.fakessh.eu wrote:
> hello shorewall list
>
> how to include this rule
> iptables -A OUTPUT -o eth0 -p tcp --tcp-flags RST RST -j DROP
>
> in shorewall config
>
> all testimonials are welcome

add tcpflags to the interface eth0 in interface (file)

should do imho

On Mon, 19 Sep 2011 04:41:44 +0200, ml@smtp.fakessh.eu wrote:
> On Monday 19 September 2011 04:05, ml@smtp.fakessh.eu wrote:
>> hello shorewall list
>>
>> how to include this rule
>> iptables -A OUTPUT -o eth0 -p tcp --tcp-flags RST RST -j DROP
>>
>> in shorewall config
>>
>> all testimonials are welcome
>
> and how to add this rule
> iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
> iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
> iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
> iptables -A INPUT -f -j DROP

http://manpages.ubuntu.com/manpages/hardy/man5/shorewall-policy.5.html

and more info in man shorewall-policy, and i lost to give same about
man shorewall-interfaces

pretty much of that default rules are there :)

PS: i hate ubuntuforums for letting google index pages that needs
logins !

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

On Monday 19 September 2011 07:54, Benny Pedersen wrote:
> On Mon, 19 Sep 2011 04:41:44 +0200, ml@smtp.fakessh.eu wrote:
> > On Monday 19 September 2011 04:05, ml@smtp.fakessh.eu wrote:
> >> hello shorewall list
> >>
> >> how to include this rule
> >> iptables -A OUTPUT -o eth0 -p tcp --tcp-flags RST RST -j DROP
> >>
> >> in shorewall config
> >>
> >> all testimonials are welcome
> >
> > and how to add this rule
> > iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
> > iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
> > iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
> > iptables -A INPUT -f -j DROP
>
> http://manpages.ubuntu.com/manpages/hardy/man5/shorewall-policy.5.html
>
> and more info in man shorewall-policy, and i lost to give same about
> man shorewall-interfaces
>
> pretty much of that default rules are there :)
>
>
> PS: i hate ubuntuforums for letting google index pages that needs
> logins !
>

my file /etc/shorewall/policy is standard
i quote

#LAST LINE -- DO NOT REMOVE
#SOURCE   DEST   POLICY   LOG LEVEL   LIMIT:BURST
$FW       net    DROP     info
net       $FW    DROP     info
loc       loc    ACCEPT
# The FOLLOWING POLICY MUST BE LAST
all       all    REJECT   info
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

I meet these bulks yet still apache daemons who attacks me

--
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
gpg --keyserver pgp.mit.edu --recv-key 092164A7
http://urlshort.eu fakessh @

On Sep 19, 2011, at 12:36 PM, ml@smtp.fakessh.eu wrote:
>
> my file /etc/shorewall/policy is standard
> i quote
> #LAST LINE -- DO NOT REMOVE
> #SOURCE   DEST   POLICY   LOG LEVEL   LIMIT:BURST
> $FW       net    DROP     info
> net       $FW    DROP     info
> loc       loc    ACCEPT
> # The FOLLOWING POLICY MUST BE LAST
> all       all    REJECT   info
> #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
>
> I meet these bulks yet still apache daemons who attacks me

I suggest that you read about the LIMIT:BURST column in that file.

-Tom

Tom Eastep           \ When I die, I want to go like my Grandfather who
Shoreline,           \ died peacefully in his sleep. Not screaming like
Washington, USA      \ all of the passengers in his car
http://shorewall.net \________________________________________________