Re: [pmfirewall] Does PMfirewall work with programs like portsentry?


From: Patrick Benson (benson@chello.se)
Date: Wed Feb 28 2001 - 06:30:42 PST


"Dr. Aldo Medina" wrote:

> Ok. There we go again. I have used portsentry successfully before, and I
> think I understand how it works. I know it will verify several ports
> using a mechanism which has nothing to do with ipchains, and when it
> finds out someone is scanning the box, it will block the offending IP
> using several methods. Now then, I usually select the ipchain method,
> which will add an ipchain rule to deny packets coming from the offending
> IP. My question is: will pmfirewall do something about this new rule,
> will honour it, delete it, or simply ignore it? And in case it doesn't
> like rules additional to the ones it chooses, is there any way I can
> tell portsentry where it should select the new rule, so pmfirewall will
> set it? Thanks for your patience.

Thanks for yours! :-)

If you use ipchains, on its own, to add rules they will not be added to
the rules that are stored in PMFirewall. The same with portsentry, if it
adds IPs that have been caught with the KILL_ROUTE command they will be
added to the ipchains list but not in PMFirewall. So you will always
have to make sure of the rulesets with "ipchains -L -n" to be sure of
what's actually happening there. I haven't yet tried a method to merge
new entries into pmfirewall.rules.local when using the other methods
when defining new rules, maybe someone else has tried it out?....

  

-- 
Patrick Benson
Stockholm, Sweden
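
The check described in the reply above, as an added example that is not part of the original message or of PMFirewall: it lists hosts blocked in the live "ipchains -L -n" output that have no matching entry in the stored local rules. The sample listing and rules text are constructed, and the one-ipchains-command-per-line layout of pmfirewall.rules.local is an assumption, since the thread does not show that file.

```python
"""Find live ipchains block rules that are missing from a stored rules file."""

# Constructed sample of `ipchains -L input -n` output (not from a real host).
SAMPLE_LIVE = """\
Chain input (policy ACCEPT):
target     prot opt     source                destination           ports
DENY       all  ----l-  203.0.113.7          0.0.0.0/0             n/a
ACCEPT     tcp  ------  0.0.0.0/0            192.0.2.10            * ->   22
DENY       all  ----l-  198.51.100.23        0.0.0.0/0             n/a
"""

# Constructed sample of pmfirewall.rules.local. ASSUMPTION: one ipchains
# command per line; the real file format is not shown in the thread.
SAMPLE_STORED = """\
# local additions
/sbin/ipchains -I input -s 203.0.113.7 -j DENY -l
"""

BLOCK_TARGETS = {"DENY", "REJECT"}

def _host(addr):
    """Return the bare IP if addr names a single host, else None."""
    ip, _, mask = addr.partition("/")
    return ip if mask in ("", "32", "255.255.255.255") else None

def live_blocked(listing):
    """Single-host sources of DENY/REJECT rows, in listing order."""
    hosts = []
    for line in listing.splitlines():
        f = line.split()  # target prot opt source destination ports
        if len(f) >= 5 and f[0] in BLOCK_TARGETS:
            h = _host(f[3])
            if h and h not in hosts:
                hosts.append(h)
    return hosts

def stored_blocked(rules_text):
    """Single-host sources blocked by command lines in the stored file."""
    hosts = set()
    for line in rules_text.splitlines():
        tok = line.split("#", 1)[0].split()  # drop comments
        if "-s" in tok[:-1] and "-j" in tok[:-1]:
            if tok[tok.index("-j") + 1] in BLOCK_TARGETS:
                h = _host(tok[tok.index("-s") + 1])
                if h:
                    hosts.add(h)
    return hosts

def unpersisted(listing, rules_text):
    """Hosts blocked in the live chain but absent from the stored rules."""
    stored = stored_blocked(rules_text)
    return [h for h in live_blocked(listing) if h not in stored]
```

On a real host, the first argument would be the captured output of "ipchains -L input -n" and the second the contents of the local rules file.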



This archive was generated by hypermail 2b29 : Sun Jun 10 2001 - 02:40:17 PDT