LinuxSA Mailing list archives

Index: [thread] [date] [subject] [author] [stats]
  From: Alan Kennington <akenning@topology.org>
  To  : Richard Sharpe <sharpe@ns.aus.com>
  Date: Sun, 6 May 2001 15:23:02 +0930

Re: IDENTD is it really needed for sendmail?

On Sun, May 06, 2001 at 03:15:33PM +0900, Richard Sharpe wrote:
> 
> >In my current default-drop scripts, I found that
> >remote MTAs were generating several lines in my log file
> >every time I was receiving e-mail. That slows down e-mail
> >and wastes space in the log files. (And my time/effort while
> >I check to see if it's a hack attempt.)
> 
> Which silently drops packets that the rules do not accept. I assume you
> mean you have a policy of DENY.

Richard,

Nope. The spanking new "iptables" with linux 2.4.x now uses
DROP instead of DENY.
More versionitis, I'm afraid!

--------------------------------------------------------
iptables -P INPUT DROP

# Set up chains for logging drops/rejects.
iptables --new-chain LOG_DROP
iptables -A LOG_DROP -j LOG
iptables -A LOG_DROP -j DROP

iptables --new-chain LOG_REJ
iptables -A LOG_REJ -j LOG
iptables -A LOG_REJ -j REJECT  
--------------------------------------------------------

And so forth and so forth.
E.g. see "man iptables".

Cheers,
Alan Kennington.

-- 
LinuxSA WWW: http://www.linuxsa.org.au/  IRC: #linuxsa on irc.linux.org.au
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject
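
Added example, not part of the original message: a small triage of the kernel log lines that a LOG_DROP chain like the one above writes, separating inbound ident connection attempts (TCP port 113, RFC 1413) from other dropped packets so the mail-related noise is summarised per remote host. It assumes the LOG rule has no --log-prefix, as above; the function names and all sample lines are constructed for illustration.

```python
import re
from collections import Counter

IDENT_PORT = "113"  # TCP port of the ident service (RFC 1413)
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs; value may be empty (OUT=)

# Constructed sample: kernel LOG lines (documentation addresses) plus one
# unrelated syslog line. The repeated SYNs from 203.0.113.5 model a client
# retransmitting because DROP sends no answer.
_L = ("May  6 15:20:{s} gw kernel: IN=eth0 OUT= "
      "MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC={src} DST=192.0.2.10 "
      "LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF "
      "PROTO={proto} SPT=34567 DPT={dpt} {tail}")
TCP_SYN = "WINDOW=5840 RES=0x00 SYN URGP=0"
SAMPLE_LOG = "\n".join([
    _L.format(s="01", src="203.0.113.5", proto="TCP", dpt=113, tail=TCP_SYN),
    _L.format(s="04", src="203.0.113.5", proto="TCP", dpt=113, tail=TCP_SYN),
    _L.format(s="10", src="203.0.113.5", proto="TCP", dpt=113, tail=TCP_SYN),
    "May  6 15:20:11 gw sendmail[812]: constructed non-firewall line",
    _L.format(s="12", src="198.51.100.7", proto="TCP", dpt=113, tail=TCP_SYN),
    _L.format(s="30", src="198.51.100.99", proto="TCP", dpt=23, tail=TCP_SYN),
    _L.format(s="41", src="198.51.100.99", proto="UDP", dpt=137, tail="LEN=58"),
])

def parse_line(line):
    """Return the KEY=value fields of one netfilter LOG line, else None."""
    _, sep, body = line.partition("kernel: ")
    if not sep or "SRC=" not in body:
        return None
    fields = dict(FIELD.findall(body))
    fields["SYN"] = " SYN " in f" {body} "  # TCP flags are bare words, not KEY=value
    return fields

def triage(log_text):
    """Split logged packets into ident connection attempts and everything else."""
    ident, other = Counter(), Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None:
            continue
        if f.get("PROTO") == "TCP" and f.get("DPT") == IDENT_PORT and f["SYN"]:
            ident[f["SRC"]] += 1  # one summary entry per remote host
        else:
            other[(f["SRC"], f.get("PROTO"), f.get("DPT"))] += 1
    return ident, other

if __name__ == "__main__":
    ident, other = triage(SAMPLE_LOG)
    for src, n in ident.most_common():
        print(f"ident attempt x{n} from {src}")
    for key, n in other.most_common():
        print("review:", key, n)
```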

