On 06/24/2013 07:01 AM, Ruth Ivimey-Cook wrote:
> Hi
>
> I recently coded this line into my gateway's crontab:
>
> /sbin/shorewall restart && /sbin/shorewall drop `awk '/Shorewall:FORWARD:REJECT:IN=ppp0 OUT=ppp0 MAC= SRC=/ { print $10;}' /var/log/syslog /var/log/syslog.1 |sort -u |cut -c5-`
>
> with the intention that attempts to forward through my node were likely
> from compromised machines and dropping connections from them might
> prevent other bad things happening as well.
>
> Is this a good thing to do?
> Is there a better way?
Have you ever actually caught any traffic using that approach?
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
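
The log-scraping step of the quoted crontab line, as an added example that is not part of the thread: it takes `SRC=` by key instead of by field position `$10`, validates each address, and only prints the `shorewall drop` command. The function names, the `NEVER_DROP` allowlist and the log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: names and sample data are constructed, not from the thread.
NEVER_DROP="192.0.2.1"   # hypothetical allowlist: addresses that must never be dropped

# Constructed log lines (documentation address ranges). The padded kernel
# timestamp "[ 9120.554321]" splits into two fields, so $10 becomes "MAC=".
sample_log() {
cat <<'EOF'
Jun 23 23:10:44 gw kernel: [ 9120.554321] Shorewall:FORWARD:REJECT:IN=ppp0 OUT=ppp0 MAC= SRC=203.0.113.7 DST=198.51.100.9 LEN=60 PROTO=TCP SPT=4322 DPT=80
Jun 24 06:55:01 gw kernel: [12345.678901] Shorewall:FORWARD:REJECT:IN=ppp0 OUT=ppp0 MAC= SRC=203.0.113.7 DST=198.51.100.9 LEN=60 PROTO=TCP SPT=4321 DPT=80
Jun 24 06:56:00 gw kernel: [12400.000001] Shorewall:FORWARD:REJECT:IN=ppp0 OUT=ppp0 MAC= SRC=198.51.100.23 DST=192.0.2.9 LEN=40 PROTO=UDP SPT=53 DPT=53
Jun 24 06:57:00 gw kernel: [12460.000001] Shorewall:FORWARD:REJECT:IN=ppp0 OUT=ppp0 MAC= SRC=999.1.1.1 DST=192.0.2.9 LEN=40 PROTO=UDP
Jun 24 06:57:30 gw kernel: [12490.000001] Shorewall:FORWARD:REJECT:IN=ppp0 OUT=ppp0 MAC= SRC=192.0.2.1 DST=192.0.2.9 LEN=40 PROTO=TCP
Jun 24 06:58:00 gw kernel: [12520.000001] Shorewall:INPUT:DROP:IN=ppp0 OUT= MAC= SRC=192.0.2.55 DST=192.0.2.1 LEN=40 PROTO=TCP
EOF
}

# Read log lines on stdin, print unique, valid, non-allowlisted source IPs.
extract_sources() {
    awk -v never="$NEVER_DROP" '
    BEGIN { n = split(never, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
    /Shorewall:FORWARD:REJECT:IN=ppp0 OUT=ppp0 MAC= SRC=/ {
        for (i = 1; i <= NF; i++) {
            if ($i !~ /^SRC=/) continue
            ip = substr($i, 5)               # strip the "SRC=" prefix
            if (valid(ip) && !(ip in skip)) print ip
            break
        }
    }
    # Accept only dotted quads with each octet in 0..255.
    function valid(ip,   o, k) {
        if (split(ip, o, ".") != 4) return 0
        for (k = 1; k <= 4; k++)
            if (length(o[k]) > 3 || o[k] !~ /^[0-9]+$/ || o[k] + 0 > 255) return 0
        return 1
    }' | sort -u
}

# Dry run: show the command instead of changing the firewall.
echo "/sbin/shorewall drop" $(sample_log | extract_sources)
```
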