Actually, what I did for IPTABLES is this

Where
$NET is the internal net
$IPT is for iptables

$IPT -t filter -A OUTPUT -p tcp -s $NET -d 0/0 --dport 2002 -m limit --limit 2/minute -j $STOP
$IPT -t filter -A OUTPUT -p udp -s $NET -d 0/0 --dport 2002 -m limit --limit 2/minute -j $STOP
$IPT -t filter -A INPUT -p tcp -s 0/0 -d $NET --dport 2002 -m limit --limit 2/minute -j $STOP
$IPT -t filter -A INPUT -p udp -s 0/0 -d $NET --dport 2002 -m limit --limit 2/minute -j $STOP

Will this work better instead of my last post?

Thanks

Joe

Francisco Neira writes:
>Kalin Mintchev wrote:
>> hi all,
>> this is kind of an urgent question please respond...
>> 
>> if i put a rule in the ipchains like:
>> 
>> # ipchains -A input -p udp -s 0/0 2002 -d 0.0.0.0/32 2002 -j DENY
>> 
>> 1. do i have to do something else in order for this rule to take effect
>> immediately and
>> 2. am i supposed to see the udp traffic STILL if i do
>> 
>> #tcpdump port 2002
>> 
>> thanks
>> 
>> 
>Trying to block Slapper, huh?
>
>1.- You don't need to do anything after. It will take effect
>immediately.
>2.- Apply the rule ALSO for OUTPUT since udp traffic will be
>originated from the port 2002 of your server.
>
>Hope this helps.
>
>
>
>-- 
>Francisco Neira B.
>Administrador de Red
>Defensoria del Pueblo
>Lima, Peru, -05:00 UTC
>
>
>
>
>-- 
>redhat-list mailing list
>unsubscribe
>mailto:[EMAIL PROTECTED]?subject=unsubscribe
>https://listman.redhat.com/mailman/listinfo/redhat-list
>
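An added example, not part of the original messages: the iptables `limit` match stops matching once its rate is used up, so this sketch puts the 2/minute limit on a LOG rule and follows it with an unlimited DROP, covering port 2002 as both source and destination port as the quoted reply advises. The sample `NET` value, the `APPLY` switch, the log prefix, and the use of DROP in place of `$STOP` are assumptions.

```shell
#!/bin/sh
# Added example: prints the rules by default; set APPLY=1 (as root) to load them.
IPT="${IPT:-iptables}"
NET="${NET:-192.168.1.0/24}"   # constructed sample internal network
PORT=2002

# Echo the command unless APPLY=1, so the rule set can be reviewed first.
emit() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

block_port() {
    for chain in INPUT OUTPUT; do
        # INPUT matches packets addressed to $NET, OUTPUT packets sent from it.
        if [ "$chain" = "INPUT" ]; then addr="-d $NET"; else addr="-s $NET"; fi
        for proto in tcp udp; do
            # Match port 2002 on either end of the connection.
            for side in --sport --dport; do
                # Rate-limited LOG: at most 2 log entries per minute.
                emit "$IPT" -A "$chain" -p "$proto" $addr "$side" "$PORT" \
                    -m limit --limit 2/minute -j LOG --log-prefix "port2002:"
                # Unlimited DROP: every matching packet is discarded.
                emit "$IPT" -A "$chain" -p "$proto" $addr "$side" "$PORT" -j DROP
            done
        done
    done
}

block_port
```
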


