
7.21. ( Log Reduction ) - My logs are filling up with packet hits due to the new "stronger" rulesets. How can I fix this?

So you're realizing that a good firewall is catching a LOT of bad Internet traffic. That's a good thing, but it's also filling up your logs to the point that you won't read them; that's bad. What to do?

What you need to figure out is what traffic you DON'T want to log, explicitly match those packets in the firewall, and NOT log the packets when you drop them. Since firewall rules are evaluated in order, these "silent drop" rules must come BEFORE any rule that logs, or the noise will still be logged. Everything you did not explicitly match should still be logged, ideally rate-limited so a flood can't fill the disk.

For example, the TrinityOS firewall ruleset in section 10.7 (this would be a "strongest" ruleset in IPMASQ speak) gives some ideas: TrinityOS - Section 10.7

Things I recommend to filter:

  • All RFC1918 address space (TCP/IP address ranges: 10.x.y.z/8, 172.16-31.y.z/12, and 192.168.y.z/16). You should /never/ receive these packets from an Internet connection. If you do, they are most likely spoofed packets. Match them only on your EXTERNAL (Internet) interface, since your masqueraded LAN almost certainly uses one of these ranges on the inside.

  • Windows File and Print Sharing (Samba or CIFS): ports 137, 138, 139, and 445, both TCP and UDP. Windows machines like to talk a lot, though most computers don't care what they're saying.

  • Class-D Multicast addresses (if you don't use Multicast): 224.0.0.0/4

  • Class-E "reserved / future use" addresses: 240.0.0.0/4 (some rulesets list this as the two halves 240.0.0.0/5 and 248.0.0.0/5)

To a much lesser extent, you might want to filter other packets. I recommend that you check your current logs and verify that you are actually receiving these specific packet types before you filter them out; otherwise you are only adding rules for nothing.

  • RIP (the routing protocol): UDP port 520. ISP routers often broadcast this onto the link whether you want it or not.

  • Some specific forms of ICMP packets - NOT all of them. Dropping all ICMP breaks path MTU discovery, error reporting and IPMASQ in general: keep echo-request/reply, destination-unreachable (including fragmentation-needed) and time-exceeded, and only silently drop types you have no use for, such as redirects, timestamp requests and address-mask requests.

Finally, you'll probably find that some individual TCP/IP addresses out on the Internet always seem to attack your IP. So, in addition to filtering various PORTS like above, you might want to also filter by specific SOURCE IP address too. After all, it is *YOUR* firewall.
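The whole procedure above (silent drops for the known noise, evaluated first, then rate-limited logging for everything else) as one script. This is an added example in iptables syntax, not the HOWTO's own ruleset and not the TrinityOS rules it points to; the interface name, the NOLOG_DROP chain, the chosen ICMP types and the two "noisy" source addresses (documentation TEST-NET addresses) are placeholders to replace with your own. It only PRINTS the commands so you can review them first:

```shell
#!/bin/sh
# Log-reduction ruleset generator (added example, iptables syntax).
# Prints the rules instead of applying them; review, then:
#     sh log-reduction.sh | sudo sh
# Assumptions: EXT_IF is the Internet-facing interface, NOLOG_DROP is a
# chain name we choose here, NOISY_SRC holds hosts you have actually
# seen hammering you (the defaults are placeholder TEST-NET addresses).

IPT="${IPT:-iptables}"
EXT_IF="${EXT_IF:-ppp0}"
NOISY_SRC="${NOISY_SRC:-192.0.2.45 198.51.100.7}"

gen_rules() {
    # A dedicated chain that drops the noise silently and RETURNs the rest.
    echo "$IPT -N NOLOG_DROP"

    # 1. Source ranges that should never arrive from the Internet:
    #    RFC1918 private space, Class-D multicast, Class-E reserved space.
    #    Matching on the external interface only keeps the LAN side working.
    for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4; do
        echo "$IPT -A NOLOG_DROP -i $EXT_IF -s $net -j DROP"
    done

    # 2. Windows file/print sharing chatter (NetBIOS and CIFS), TCP and UDP.
    for port in 137 138 139 445; do
        for proto in tcp udp; do
            echo "$IPT -A NOLOG_DROP -i $EXT_IF -p $proto --dport $port -j DROP"
        done
    done

    # 3. RIP broadcasts from the ISP's routers (UDP/520).
    echo "$IPT -A NOLOG_DROP -i $EXT_IF -p udp --dport 520 -j DROP"

    # 4. Only selected ICMP types. echo, destination-unreachable and
    #    time-exceeded are deliberately NOT here: dropping them breaks
    #    path MTU discovery and masquerading.
    for t in redirect timestamp-request address-mask-request; do
        echo "$IPT -A NOLOG_DROP -i $EXT_IF -p icmp --icmp-type $t -j DROP"
    done

    # 5. Individual hosts that keep attacking you: drop by source address.
    for src in $NOISY_SRC; do
        echo "$IPT -A NOLOG_DROP -i $EXT_IF -s $src -j DROP"
    done
    echo "$IPT -A NOLOG_DROP -j RETURN"

    # Evaluate the quiet chain FIRST, ahead of any existing logging rules.
    for chain in INPUT FORWARD; do
        echo "$IPT -I $chain 1 -j NOLOG_DROP"
    done

    # Whatever still falls through is logged, rate-limited so a flood
    # cannot fill the disk, and then dropped.
    for chain in INPUT FORWARD; do
        echo "$IPT -A $chain -m limit --limit 10/min --limit-burst 20 -j LOG --log-prefix \"FW-$chain-DROP: \""
        echo "$IPT -A $chain -j DROP"
    done
}

gen_rules
```

The ordering is the whole point: the `-I ... 1 -j NOLOG_DROP` lines put the silent drops at the top of INPUT and FORWARD, so the LOG rules at the bottom only ever see packets you have not already classified as noise. If you later spot a new repeat offender in the logs, add it to NOISY_SRC rather than widening the port filters.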


   This document, LDP HOWTO-INDEX, is copyrighted (c) 1995 - 2002 by Tim Bynum, Guylhem Aznar, Joshua Drake and Greg Ferguson. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover Texts, and with no Back-Cover Texts. A copy of the license is available at http://www.gnu.org/copyleft/fdl.html. If you have questions, please contact the LDP.