[Firehol-support] Too many log messages

Rick Marshall rjm at zenucom.com
Fri Nov 11 23:24:06 GMT 2005 

perhaps a bit broad, but i maintain a drop policy on lots of udp stuff:

# Drop insecure ports

server_drop_ports="tcp/42 tcp/443 udp/1024:65535 tcp/1024:65535"
client_drop_ports="default"

and in the interface definition:

        server "drop" drop

seems to cut out a lot of unwanted stuff.

rick

Richard Williams wrote:

> Hi
>
>  
>
> The users on the network I operate have Macintosh computers with one 
> of the applications being Microsoft Office 2004.  This constantly 
> pumps out packets on UDP 2222 and the packets contain details of the 
> license code in use.  Then if any other Macintosh running Office 2004 
> picks a packet with its license code, Office 2004 is closed down on 
> the second computer.  All this is to do with Microsoft stopping 
> illegal pirating and copying of its software.
>
>  
>
> However, the consequence for the server with Firehol running is that 
> the log is quickly filling up with messages like
>
>  
>
> Nov 11 09:40:33 server kernel: IN-dhcp:IN=eth0 OUT= 
> MAC=ff:ff:ff:ff:ff:ff:00:0d:93:b8:60:f8:08:00 SRC=10.6.18.36 
> DST=255.255.255.255 LEN=180 TOS=0x00 PREC=0x00 TTL=64 ID=46083 
> PROTO=UDP SPT=60344 DPT=2222 LEN=160
>
>  
>
> Does anyone have any ideas how I can stop these messages getting into 
> the log?
>
>  
>
> Regards
>
>  
>
> Richard Williams
>
>  
>
> ****************************************************
> Richard Williams
> email: richard at everything4it.co.uk <mailto:richard at everything4it.co.uk>
> mobile: 07981 734697
> ****************************************************
> The contents of this email message and any attachments are 
> confidential and are intended solely for addressee. The information 
> may also be legally privileged. This transmission is sent in trust, 
> for the sole purpose of delivery to the intended recipient. If you 
> have received this transmission in error, any use, reproduction or 
> dissemination of this transmission is strictly prohibited. If you are 
> not the intended recipient, please immediately notify the sender by 
> reply email or at +44(0)7981 734697 and delete this message and its 
> attachments, if any.
>
>  
>
> !DSPAM:4374682f41991241271493! 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: rjm.vcf
Type: text/x-vcard
Size: 146 bytes
Desc: not available
URL: <http://lists.firehol.org/pipermail/firehol-support/attachments/20051112/4c7f0844/attachment-0003.vcf>

More information about the Firehol-support mailing list