 From:  DTakemori at thdfsg dot com
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Block + Nolog Checkpoint cluster
 Date:  Fri, 10 Aug 2007 15:15:47 -1000
Hi,

Running net48xx-1.231.img,

I'm finding in the logs many many instances of

Aug 10 09:17:20 z.z.z.z ipmon[88]: 09:17:19.816759 2x sis2 @0:21 b 0.0.0.0,8116 -> x.x.x.0,8116 PR udp len 20 64 IN
Aug 10 09:17:19 z.z.z.z ipmon[88]: 09:17:18.989225 sis2 @0:21 b 0.0.0.0,8116 -> x.x.x.0,8116 PR udp len 20 64 IN
Aug 10 09:17:18 z.z.z.z ipmon[88]: 09:17:18.316930 sis2 @0:21 b 0.0.0.0,8116 -> x.x.x.0,8116 PR udp len 20 64 IN
Aug 10 09:17:17 z.z.z.z ipmon[88]: 09:17:16.816692 2x sis2 @0:21 b 0.0.0.0,8116 -> x.x.x.0,8116 PR udp len 20 64 IN
Aug 10 09:17:16 z.z.z.z ipmon[88]: 09:17:15.989176 sis2 @0:21 b 0.0.0.0,8116 -> x.x.x.0,8116 PR udp len 20 64 IN

Where z.z.z.z is the Soekris box running m0n0wall and x.x.x.0 is the
RFC1918 private network on port sis2.

This udp port 8116 is a Checkpoint clustering protocol which can't be
turned off without also losing functionality.  It doesn't need to get to
the x.x.x.0 network so I want it blocked, but the logging is too much.
I want to continue blocking these packets at the m0n0wall without
logging, but still log any other firewall events.

Rule 0:21 is

block in log quick on sis2 any to any

and appears to take precedence over any rules I put on the sis2 interface.

So the question is, how can I put in a rule to block these packets but not
log doing so AND have that rule be processed before the 0:21 rule?

-dean takemori
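The ordering question in the post comes down to IP Filter's evaluation semantics: rules are checked top to bottom, a matching rule carrying `quick` ends evaluation, and a packet is logged only when the rule that decides it carries `log`. The following is an added illustration, not code from the post or from m0n0wall, that models those semantics in a few lines of Python, parses ipmon lines of the shape shown above, and compares the poster's current ruleset (only the logging catch-all) with one that places a non-logging `block in quick ... port = 8116` rule ahead of it. Assumptions: the addresses (10.0.0.1 for the firewall, 192.168.1.0/24 for the x.x.x.0 network, plus one constructed TCP/22 attempt that should still be logged) are made up, the rule strings are plain ipf syntax rather than anything m0n0wall's GUI generates, and the model ignores state and direction beyond the interface name. How m0n0wall orders user rules relative to its generated @0:21 rule is not something this page shows; the example only demonstrates why the quiet rule has to come first.

```python
"""Minimal model of IP Filter (ipf) rule evaluation (added illustration,
not m0n0wall code): first `quick` match decides; otherwise the last match
wins; logging happens only if the deciding rule has `log`."""
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Extracts iface, rule id, action, 5-tuple from an ipmon line; the optional
# "2x " prefix is ipmon's repeat-count marker seen in the post.
IPMON_RE = re.compile(
    r"(?:\d+x )?(?P<iface>\S+) @(?P<rule>\d+:\d+) (?P<act>[bp]) "
    r"(?P<src>[\d.]+),(?P<sport>\d+) -> (?P<dst>[\d.]+),(?P<dport>\d+) "
    r"PR (?P<proto>\w+)"
)


@dataclass
class Packet:
    iface: str
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class Rule:
    text: str                        # ipf syntax, kept for readability only
    action: str                      # "block" or "pass"
    iface: str
    log: bool
    quick: bool
    proto: Optional[str] = None      # None = any protocol
    dst_net: Optional[str] = None    # None = any destination
    dport: Optional[int] = None      # None = any destination port

    def matches(self, p: Packet) -> bool:
        if self.iface != p.iface:
            return False
        if self.proto is not None and self.proto != p.proto:
            return False
        if self.dst_net is not None and ip_address(p.dst) not in ip_network(self.dst_net):
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        return True


def parse_ipmon(line: str) -> Packet:
    """Pull the interface, protocol and 5-tuple out of one ipmon log line."""
    m = IPMON_RE.search(line)
    if m is None:
        raise ValueError("not an ipmon line: " + line)
    return Packet(m["iface"], m["proto"], m["src"], int(m["sport"]),
                  m["dst"], int(m["dport"]))


def evaluate(rules: List[Rule], p: Packet) -> Tuple[str, bool]:
    """Return (action, logged) for the rule that decides packet p.
    A packet matching nothing passes unlogged, as in ipf's default."""
    action, logged = "pass", False
    for r in rules:
        if r.matches(p):
            action, logged = r.action, r.log
            if r.quick:
                break
    return action, logged


# Constructed sample log: four lines of the port 8116 cluster noise, in the
# format quoted in the post, plus one unrelated SSH attempt that must stay logged.
SAMPLE_LOG = [
    "Aug 10 09:17:20 10.0.0.1 ipmon[88]: 09:17:19.816759 2x sis2 @0:21 b 0.0.0.0,8116 -> 192.168.1.0,8116 PR udp len 20 64 IN",
    "Aug 10 09:17:19 10.0.0.1 ipmon[88]: 09:17:18.989225 sis2 @0:21 b 0.0.0.0,8116 -> 192.168.1.0,8116 PR udp len 20 64 IN",
    "Aug 10 09:17:18 10.0.0.1 ipmon[88]: 09:17:18.316930 sis2 @0:21 b 0.0.0.0,8116 -> 192.168.1.0,8116 PR udp len 20 64 IN",
    "Aug 10 09:17:17 10.0.0.1 ipmon[88]: 09:17:16.816692 2x sis2 @0:21 b 0.0.0.0,8116 -> 192.168.1.0,8116 PR udp len 20 64 IN",
    "Aug 10 09:17:21 10.0.0.1 ipmon[88]: 09:17:20.101010 sis2 @0:21 b 172.16.5.9,51234 -> 192.168.1.20,22 PR tcp len 20 60 -S IN",
]

# The poster's rule 0:21 and the quiet rule that should sit in front of it.
CATCH_ALL = Rule("block in log quick on sis2 all", "block", "sis2", log=True, quick=True)
QUIET_8116 = Rule("block in quick on sis2 proto udp from any to 192.168.1.0/24 port = 8116",
                  "block", "sis2", log=False, quick=True,
                  proto="udp", dst_net="192.168.1.0/24", dport=8116)


def decisions(rules: List[Rule], lines: List[str]) -> List[Tuple[str, bool]]:
    return [evaluate(rules, parse_ipmon(line)) for line in lines]


def logged_count(rules: List[Rule], lines: List[str]) -> int:
    """How many of the sample packets would reach ipmon under this ruleset."""
    return sum(1 for _, logged in decisions(rules, lines) if logged)


if __name__ == "__main__":
    for name, rules in [("catch-all only", [CATCH_ALL]),
                        ("quiet rule first", [QUIET_8116, CATCH_ALL]),
                        ("quiet rule after", [CATCH_ALL, QUIET_8116])]:
        print(f"{name:17s}: {logged_count(rules, SAMPLE_LOG)} of {len(SAMPLE_LOG)} logged")
```

With only the catch-all, every packet is blocked and logged; with the quiet rule ahead of it, the four 8116 datagrams are still blocked but silently, and the SSH attempt is still logged; with the quiet rule after the `quick` catch-all it never gets evaluated at all, which is the situation the post describes. The same ordering requirement applies whatever mechanism is used to insert the rule.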