Diff: PerrysFirewallingScript

Differences between version 12 and previous revision of PerrysFirewallingScript.


Newer page: version 12 Last edited on Monday, June 9, 2003 7:57:53 pm by PerryLorier
Older page: version 11 Last edited on Tuesday, May 13, 2003 10:31:08 pm by CraigBox
@@ -89,10 +89,14 @@
  
 ;polite_reject: requires at least one argument, the first is the rule to append to, the rest is any other iptables options that may be used (eg: limiting it by port). polite_reject then rejects the packets ratelimited to 5/s and logs them at a rate of 2/s, rendering floods less effective. All packets that aren't rejected are dropped. 
  
 ;polite_drop: same as polite_reject but only logs at 2/s and doesn't send back reject messages. This is useful for rules where you know that the rejects aren't going to be used (for example if the source address is a martian) or it could be downright harmful (eg: the packet was directed towards a multicast or broadcast address). 
+  
+!!FAQ  
+;__Q__:Why do I get lots of messages saying "End of ''something''" on my screen/in my syslog  
+;__A__:You don't have a catch all rule for something in one of your class files. Look at the syslog messages carefully and see what interface they are dealing with and which rule you are missing.  
  
 !!Wishlist features 
 These are all wishlist features which may or may not get implemented :) 
 ;renaming interfaces based on their category: eg: "External0" "External1" "Internal1" "Internal2", thusly when an interface comes up it is named by it's purpose. Useful for those machines that have 10+ interfaces and you can never remember which is which, also important when you have multiple ppp0, or VPN interfaces that may come up in any order (do you set the permissive rule on ppp0 or ppp1?) 
 ;some saner defaults:A simple default so if you run the script straight out of CVS it probably does what you want. Go get the deb if you need this. 
 ;use iptables-save and restore to speed shutdown/startup of script?:
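Review bot: The new FAQ answer tells the reader to add a missing catch-all rule but does not say how, even though polite_reject and polite_drop are documented directly above it. Consider stating in the __A__ line whether one of those two is the intended way to end a class file, so that unmatched packets are handled deliberately rather than falling through to the "End of ''something''" log line. Since the answer asks the reader to "look at the syslog messages carefully", it would also help to say which part of the message names the interface and which names the rule. Two small wording points in the added lines: the __Q__ line is missing its closing question mark, and "catch all" reads better as "catch-all".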