ttl pro udp fw rule/ dynamicke rule

Radim Kolar hsn at netmag.cz
Sat Aug 21 20:37:00 CEST 2004

Previous message: Fatal trap 18
Next message: ttl pro udp fw rule/ dynamicke rule
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

mam pocitac s caching dns daemon pgsqldnscache /vlastni hack/ zalozeny
na djbdns. Narozdil od pdnsd funguje.

pouzivam dynamicke firewall rule abych matchoval prichozi dns odpovedi, jinak
to asi nejde protoze muj source port je nahodny.

net.inet.ip.fw.dyn_udp_lifetime=15
02100  2285  401453 allow udp from any to any out keep-state
64010     0       0 deny log udp from any to any

udp:
        2165 datagrams received
         843 dropped due to no socket
icmp:
        843 calls to icmp_error
        Output histogram:
        destination unreachable: 843

Otazky: 
 1. bylo tech 843 prichozich packetu zahozeno protoze mam maly fw.dyn_udp_lifetime?
 2. kde najdu v ipfw statistiku/count prichozich dns packetu. Tedy tech
 ktere matchovaly ty dynamicky vytvorene rule. 
 3. Ty dropovane packety nejsou zbloudile udp scany, protoze na ty mam
 zvlastni ruli a ta nic nechytla. Je to tak?

Previous message: Fatal trap 18
Next message: ttl pro udp fw rule/ dynamicke rule
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users-l mailing list