authorJérôme Schneider <jschneider@entrouvert.com>2011-06-22 13:47:23 (GMT)
committerJérôme Schneider <jschneider@entrouvert.com>2011-06-22 13:47:23 (GMT)
commit66c6cc3853019556307ca220ec3c9f09c7f0ffde (patch)
tree9d4e64ffb4a6e900607a259b047d205c2e7af08a
parent1c466fdf89fc4e859aa6266bb5c6d96458f5c5df (diff)
Avoid log flood
-rw-r--r--debian/changelog7
-rwxr-xr-xfirewall4
2 files changed, 10 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog
index db349bd..025f6f0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+eofirewall (0.1-20110621.3) unstable; urgency=low
+
+ * Add an example for the ssh whitelist
+ * Fix WAN outgoing traffic from lan
+
+ -- Jérôme Schneider <jschneider@entrouvert.com> Tue, 21 Jun 2011 19:35:17 +0200
+
eofirewall (0.1-20110621.2) unstable; urgency=low
* Add a whitelist for ssh
diff --git a/firewall b/firewall
index 2840038..b03bea3 100755
--- a/firewall
+++ b/firewall
@@ -277,7 +277,9 @@ start()
## LOG
## Create a LOGDROP chain to log and drop packets
$IPTABLES -N LOGDROP
- $IPTABLES -A LOGDROP -j LOG --log-prefix "iptables: " --log-level 4
+ $IPTABLES -A LOGDROP -p tcp -m limit --limit 1/min -j LOG --log-prefix "iptables: denied tcp: " --log-level 4
+ $IPTABLES -A LOGDROP -p udp -m limit --limit 1/min -j LOG --log-prefix "iptables: denied udp: " --log-level 4
+ $IPTABLES -A LOGDROP -p icmp -m limit --limit 1/min -j LOG --log-prefix "iptables: denied icmp: " --log-level 4
$IPTABLES -A LOGDROP -j DROP
$IPTABLES -A INPUT -j LOGDROP
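Review bot: The three rate-limited LOG rules added to LOGDROP match only tcp, udp and icmp, so a packet of any other IP protocol (GRE, ESP, IGMP, SCTP, ...) now reaches `-j DROP` without being logged, whereas the removed rule logged every dropped packet. If that is intended, state it in a comment above the rules, e.g. `## Only tcp/udp/icmp drops are logged (rate-limited); other protocols are dropped silently`; otherwise add a fourth limited LOG rule covering the remaining protocols. In addition, `-m limit --limit 1/min` is one shared bucket per rule and `--limit-burst` is left at its default, so a single noisy source can use up the budget and hide drops from every other source. Setting `--limit-burst` explicitly, or using `-m hashlimit` keyed on the source address, would keep per-source visibility in the logs. start() begins and continues outside this hunk, so whether another chain logs these packets cannot be seen from here.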