Date: Tue, 17 Sep 1996 11:46:09 -0700 (PDT)
From: Michael Dillon <michael@memra.com>
To: inet-access@earth.com
Cc: iap@vma.cc.nd.edu, linuxisp@jeffnet.org, freebsd-isp@freebsd.org, os2-isp@dental.stat.com
Subject: Livingston and spoofed source SYN attacks
Message-ID: <Pine.BSI.3.93.960917114246.15605I-100000@sidhe.memra.com>

Seems there was a little problem with the Livingston filter that I posted

---------- fragment of message ----------

I have to stand somewhat corrected.

>create a filter "internet.out"
>Contents:
>three lines for each net block you have:
>
>	permit 1.2.3.4/20 tcp
>	permit 1.2.3.4/20 udp
>	permit 1.2.3.4/20 icmp

The more appropriate format would be:

	permit 1.2.3.4/20 0.0.0.0/0 tcp
	permit 1.2.3.4/20 0.0.0.0/0 udp
	permit 1.2.3.4/20 0.0.0.0/0 icmp

You are *supposed* to use a src/dest netblock pair, though I have set up
and used w/o a dest address and it worked.

>final line to log (optional) MUST COME AFTER permit list for netblocks:
>	deny log

If you choose not to log, then you need a line:

	deny

Otherwise that which falls through isn't denied, obviously.
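
A model of how the "internet.out" filter from the message above treats outbound packets, added here as an example; it is not part of the original e-mail and is not Livingston's code. It assumes first-match rule evaluation, uses constructed sample addresses, and reports a packet that matches no rule as `fallthrough`, which is the case the message says is not denied.

```python
import ipaddress

# Filter lines as given in the message; 1.2.3.4/20 is the message's placeholder netblock.
INTERNET_OUT = """\
permit 1.2.3.4/20 0.0.0.0/0 tcp
permit 1.2.3.4/20 0.0.0.0/0 udp
permit 1.2.3.4/20 0.0.0.0/0 icmp
deny log
"""

def parse_filter(text):
    """Parse 'permit SRC [DST] PROTO' and 'deny [log]' lines into rule dicts."""
    rules = []
    for line in text.splitlines():
        words = line.split()
        if not words:
            continue
        args = words[1:]
        nets = [ipaddress.ip_network(a, strict=False) for a in args if "/" in a]
        protos = [a for a in args if "/" not in a and a != "log"]
        rules.append({
            "action": words[0],
            "log": "log" in args,
            "src": nets[0] if nets else None,           # None matches any source
            "dst": nets[1] if len(nets) > 1 else None,  # None matches any destination
            "proto": protos[0] if protos else None,     # None matches any protocol
        })
    return rules

def evaluate(rules, src, dst, proto):
    """Return (verdict, logged). Assumption: the first matching rule decides."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r["src"] is not None and s not in r["src"]:
            continue
        if r["dst"] is not None and d not in r["dst"]:
            continue
        if r["proto"] is not None and proto != r["proto"]:
            continue
        return r["action"], r["log"]
    return "fallthrough", False  # no rule matched: not explicitly denied

if __name__ == "__main__":
    rules = parse_filter(INTERNET_OUT)
    # Constructed packets: one with a source inside the netblock, one spoofed.
    for src in ("1.2.5.9", "10.9.8.7"):
        print(src, evaluate(rules, src, "198.51.100.7", "tcp"))
```

Removing the final `deny log` line from `INTERNET_OUT` makes the spoofed-source packet come back as `fallthrough` instead of `deny`.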