[Firehol-support] Disabling logging of certain packets and client restrictions
Marcus Williams
marcus at quintic.co.uk
Fri Apr 22 14:56:19 BST 2005
Hi -
I've had firehol running on a server for some time and its working great
but there are two things I'd like to do:
1) restrict outgoing connections (but still be able to send mail/dns etc)
2) disable logging of the ms backscatter I get on the subnet my machine
is one (so ignore packets to 135/445 etc rather than logging the blocked
packet)
I know how to do (1) in that presumably instead of having "client all"
I'll just have a set of client lines that allow the machine to do smtp
(its an mx for a number of domains and needs to be able to send mail)
and dns (needs dns to send mail). So all I should be doing is replacing
the client line for "client smtp dns". I also want to be able to update
my machine (it runs debian) so I need to add client lines that allow
web/ftp to the uk mirror but the uk mirror for debian is a round robin
to a number of IP's so how do I do that without adding each IP?
For (2), I already block this traffic in that I dont accept it
explicitly but what I'd really like to do is not log any of this traffic
(specifically the MS/samba ports) because it blows my logs up to stupid
sizes. How do I do that? Can I add an explicit drop for say samba with a
nolog option (does that exist?)
Thanks
Marcus
--
Marcus Williams -- http://www.cad-schroer.co.uk
CAD Schroer UK, 39 Newnham Road, Cambridge, UK
More information about the Firehol-support
mailing list