|
||||||||||
Timothy, > I now did uncheck "Log packets blocked by the default rule" and created > a rule to block TCP/UDP on WAN with logging enabled. > This kind of works but it's not a very clean sollution. Will I still be > able to open ports on my WAN as I created a rule before to block everything? You can open ports on WAN as long as the rules appear before the all-block rule. m0n0 goes through the rules in the order listed, so as long as you move the allow rules up top then it should work. > I did try to create a rule to block IGMP first (with no logging) as Fred > mentioned, but the default rule would still log IGMP packets. Correct me if I'm wrong, because I can't recreate the situation you describe here... How can the implicit default block rule (logged) for IGMP packets that have been blocked by an explicit rule (without logging) show up in the logs? AFAIK, once an explicit block rule has been hit, m0n0 does everything that is requested there, including not logging, then stops. Are you sure you don't have another block rule above it or something that's logging? Or you accidentally selected the wrong interface (or specified an IP) to block IGMP on? > I could always allow IGMP, that way the packets wouldn't get logged, but > can allowing IGMP be a security risk? If the above is true, where an explicit block rule that says DON'T LOG ends up falling in your logs anyway, I can't see why an explicit allow rule that says DON'T LOG wouldn't end up in your logs also... AFAIK in terms of security, IGMP packets are pretty harmless. They are just probe/update packets for multicasting. I'm pretty sure m0n0 just drops them. I'm not aware of any exploits that make use of IGMP. Here's a link that describes what IGMP is/does: http://www.et.put.poznan.pl/tcpip/igmp/igmp_intro.htm /sylikc |