North American Network Operators Group
Re: New Denial of Service Attack on Panix
I have to stand somewhat corrected.

>create a filter "internet.out"
>Contents:
>three lines for each net block you have:
>
>    permit 1.2.3.4/20 tcp
>    permit 1.2.3.4/20 udp
>    permit 1.2.3.4/20 icmp

The more appropriate format would be:

    permit 1.2.3.4/20 0.0.0.0/0 tcp
    permit 1.2.3.4/20 0.0.0.0/0 udp
    permit 1.2.3.4/20 0.0.0.0/0 icmp

You are *supposed* to use a src/dest netblock pair, though I
have set up and used w/o a dest address and it worked.

>final line to log (optional) MUST COME AFTER permit list for netblocks:
>    deny log

If you choose not to log, then you need a line:

    deny

Otherwise that which falls through isn't denied, obviously.

Doing router filters while fatigued is often a problematic process.
Try and work on them when you aren't so tired, unlike me when
I sent my first mail 8-)

-george william herbert
[email protected]
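Added illustration, not part of the original message and not router code: a small Python model of the "internet.out" filter described above, showing what happens to a packet with a source address outside your netblock when the final `deny` line is present and when it is forgotten. It assumes first-match evaluation and, as the message states, that a packet matching no rule is not denied; `parse_filter`, `evaluate` and the sample addresses are hypothetical.

```python
import ipaddress

# Constructed filter text in the format the message gives; 1.2.3.4/20 is the
# message's placeholder netblock.
FILTER_WITH_DENY = """\
permit 1.2.3.4/20 0.0.0.0/0 tcp
permit 1.2.3.4/20 0.0.0.0/0 udp
permit 1.2.3.4/20 0.0.0.0/0 icmp
deny log
"""
# The same filter with the final line forgotten.
FILTER_NO_DENY = FILTER_WITH_DENY.replace("deny log\n", "")
ANY_NET = ipaddress.ip_network("0.0.0.0/0")


def parse_filter(text):
    """Return a list of (action, src_net, dst_net, proto, log) rules."""
    rules = []
    for line in text.splitlines():
        words = line.split()
        if not words:
            continue
        action, args = words[0], [w for w in words[1:] if w != "log"]
        log = "log" in words[1:]
        # strict=False accepts a block written with host bits set (1.2.3.4/20).
        nets = [ipaddress.ip_network(a, strict=False) for a in args if "/" in a]
        protos = [a for a in args if "/" not in a]
        src = nets[0] if nets else ANY_NET
        dst = nets[1] if len(nets) > 1 else ANY_NET  # dest omitted: match any
        rules.append((action, src, dst, protos[0] if protos else None, log))
    return rules


def evaluate(rules, src, dst, proto):
    """Assumed semantics: first matching rule wins; a packet that matches no
    rule falls through and is forwarded (modelled here as 'permit')."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, rule_proto, log in rules:
        if s in src_net and d in dst_net and rule_proto in (None, proto):
            return action, log
    return "permit", False


if __name__ == "__main__":
    for name, text in (("with deny", FILTER_WITH_DENY), ("no deny", FILTER_NO_DENY)):
        rules = parse_filter(text)
        # Constructed packets: one sourced inside the block, one outside it.
        for src in ("1.2.3.77", "10.9.8.7"):
            print(name, src, evaluate(rules, src, "198.51.100.9", "tcp"))
```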