NTP, ntpdate, and ISP-based firewall

jdow jdow at earthlink.net
Thu Mar 4 21:51:09 UTC 2004


From: "Alexander Dalloz" <alexander.dalloz at uni-bielefeld.de>

> Am Do, den 04.03.2004 schrieb Rodolfo J. Paiz um 21:00:
> > At 13:29 3/4/2004, you wrote:
> > >If your own firewall is blocking the return packets it should show up
> > >in your main system logs, /var/log/messages.
> > 
> > It would if you REJECT but not if you DROP, right?
> 
> No, there is no difference between REJECT and DROP in that issue. To log
> REJECTs and DROPs (I dislike DROP much) you have to set up proper
> logging rules with iptables. As an example you might log events with
> something like:
> 
> iptables -A INPUT -i ppp0 -p tcp -m tcp --tcp-flags \
>     FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -m limit --limit 10/min -j LOG \
>     --log-prefix "NMAP-XMAS SCAN: " --log-level 7 --log-tcp-options \
>     --log-ip-options
> 
> DROP is just "silent" against the remote initiator and lets it time out,
> while REJECT sends back valid rejection information.
> 
> Alexander

Alexander, why do you want to be nice to those who would probe your
barriers and tell them you are there? If THEY are nasty enough to
probe me then I am nasty enough to let them time out like unrequited
love.

{^_^}
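The LOG-then-DROP pattern from the quoted reply, as an added example that is not part of either poster's message: one function prints the rule pair (interface, protocol and port are assumed values), and a second reads the kernel lines such rules write to /var/log/messages, run here over constructed sample lines rather than a real log.

```shell
#!/bin/sh
# Added example, not from either poster. Shows why DROP is only "silent"
# if you forget the LOG rule, and how to read what the LOG rule produces.

# Print (not apply) the rule pair: a rate-limited LOG, then the silent DROP.
# Interface, protocol and port are assumed arguments; the prefix ends in
# ": " so the kernel line stays easy to split.
log_then_drop_rules() {
    iface=$1; proto=$2; port=$3
    printf '%s\n' \
      "iptables -A INPUT -i $iface -p $proto --dport $port -m limit --limit 10/min -j LOG --log-prefix \"DROP-$proto-$port: \" --log-level 7" \
      "iptables -A INPUT -i $iface -p $proto --dport $port -j DROP"
}

# Count dropped packets per source address and destination port from
# kernel LOG lines on stdin. Output lines: "count src dport", busiest first.
count_drops() {
    awk '
        /kernel:/ && /DROP-/ {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)   # strip "SRC="
                if ($i ~ /^DPT=/) dpt = substr($i, 5)   # strip "DPT="
            }
            if (src != "" && dpt != "") n[src " " dpt]++
        }
        END { for (k in n) print n[k], k }
    ' | sort -rn
}

# Constructed sample of /var/log/messages (RFC 5737 test addresses);
# the ntpd line is there to show non-firewall entries are ignored.
SAMPLE_LOG='Mar  4 21:51:09 gw kernel: DROP-udp-123: IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=198.51.100.5 LEN=76 TOS=0x00 PREC=0x00 TTL=52 ID=1 PROTO=UDP SPT=123 DPT=123 LEN=56
Mar  4 21:51:12 gw kernel: DROP-udp-123: IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=198.51.100.5 LEN=76 TOS=0x00 PREC=0x00 TTL=52 ID=2 PROTO=UDP SPT=123 DPT=123 LEN=56
Mar  4 21:52:40 gw kernel: DROP-tcp-22: IN=ppp0 OUT= MAC= SRC=203.0.113.7 DST=198.51.100.5 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=3 PROTO=TCP SPT=43210 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  4 21:53:01 gw ntpd[811]: synchronized to 198.51.100.1, stratum 2'

# Usage: show the rules for NTP on ppp0, then summarise the sample log.
log_then_drop_rules ppp0 udp 123
printf '%s\n' "$SAMPLE_LOG" | count_drops
```

On a live box, feed `count_drops` with `grep kernel: /var/log/messages` instead of the sample; the prefix is what lets you tell a logged DROP from other kernel noise.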
