RE: [suse-security] Antwort: Re: [suse-security] IPTables
OK ... I've mailed another question too ... how to log all incoming connections on device ippp0 ??? and how to set a limit per second ???
All incoming calls were always logged in /var/log/isdnlog Which type of limit? I only now the command to hang up after x sec without traffic. You should configure this with yast or type in tewh command directly isdnctrl huptimeout ippp0 <time in sec>
Mit freundlichen Grüßen Bruno Leonhardt
CLP Domino R5 Systemadministrator ______________________________________________________________ __________________________________________
AnalyTek Systemhaus Hospitalstr. 2a
D-65589 Hadamar
Tel.: 06433/81403-15 Fax : 06433/81403-40
Peter Wiersig
<wiersig@glam An: suse-security@suse.com us.de> Kopie:
Thema: Re: [suse-security] IPTables 27.11.01
16:24
On Tuesday, 27. November 2001 16:06 Bjoern Engels wrote:
On Tuesday, 27. November 2001 15:55, Arthur H. Johnson II wrote:
Try "iptables -I INPUT -i eth0 -p icmp -j DENY".
I wouldn't do that because ICMP is not evil, it helps your box if errors occur. Better try
iptables -A INPUT -i eth0 -p icmp --icmp-types \ destination-unreachable source-quench time-exceeded echo-reply \ parameter-problem -j ACCEPT
iptables -A INPUT -i eth0 -p icmp -j DENY
or don't use iptables for an option which can be handled by the kernel directly: /proc/sys/net/ipv4/icmp_echo_ignore_all
e.g. put "cat 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all" in boot.local
Peter
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
participants (1)
-
Thomas Schmidt