Diff: PerrysFirewallingScript

Differences between version 13 and predecessor to the previous major change of PerrysFirewallingScript.


Newer page: version 13 Last edited on Tuesday, June 10, 2003 12:29:10 am by PerryLorier
Older page: version 11 Last edited on Tuesday, May 13, 2003 10:31:08 pm by CraigBox
@@ -89,10 +89,15 @@
  
 ;polite_reject: requires at least one argument, the first is the rule to append to, the rest is any other iptables options that may be used (eg: limiting it by port). polite_reject then rejects the packets ratelimited to 5/s and logs them at a rate of 2/s, rendering floods less effective. All packets that aren't rejected are dropped. 
  
 ;polite_drop: same as polite_reject but only logs at 2/s and doesn't send back reject messages. This is useful for rules where you know that the rejects aren't going to be used (for example if the source address is a martian) or it could be downright harmful (eg: the packet was directed towards a multicast or broadcast address). 
+  
+!!FAQ  
+;__Q__:Why do I get lots of messages saying "End of ''something''" on my screen/in my syslog  
+;__A__:You don't have a catch all rule for something in one of your class files. Look at the syslog messages carefully and see what interface they are dealing with and which rule you are missing.  
  
 !!Wishlist features 
 These are all wishlist features which may or may not get implemented :) 
-;renaming interfaces based on their category: eg: "External0" "External1" "Internal1" "Internal2", thusly when an interface comes up it is named by it's purpose. Useful for those machines that have 10+ interfaces and you can never remember which is which, also important when you have multiple ppp0, or VPN interfaces that may come up in any order (do you set the permissive rule on ppp0 or ppp1?) 
+;renaming interfaces based on their category: eg: "External0" "External1" "Internal1" "Internal2", thusly when an interface comes up it is named by it's purpose. Useful for those machines that have 10+ interfaces and you can never remember which is which, also important when you have multiple ppp0, or VPN interfaces that may come up in any order (do you set the permissive rule on ppp0 or ppp1?) -- Superseeded by a program whose name I forget which has a file of MAC->interfacenames and when run renames interfaces as required. Rather nifty.  
 ;some saner defaults:A simple default so if you run the script straight out of CVS it probably does what you want. Go get the deb if you need this. 
 ;use iptables-save and restore to speed shutdown/startup of script?: 
+;transparent support of ipv6:Needs investigating
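Review bot: the new FAQ answer under "!!FAQ" tells the reader they are missing a catch-all rule in a class file, but it does not show what such a rule looks like or say whether it should end in polite_reject or polite_drop, both of which are documented directly above the FAQ. A one-line example per case would make the answer actionable, and the question line is missing its closing question mark. In the changed "renaming interfaces" entry, "Superseeded" should be "Superseded", and the note leaves the replacement program unnamed ("whose name I forget"), so the reader cannot follow it up; name the tool, or move the entry out of the wishlist if it is no longer planned. The added "transparent support of ipv6" item says only "Needs investigating"; it would help to state whether the script currently leaves IPv6 traffic unfiltered, since that changes how urgent the item is.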