From: Mark Frey <markfrey@sympatico.ca>
To: Sudheimer <sudix@f3g.de>
Cc: linux-diald@vger.kernel.org
Subject: Re: How to ignore incoming packets
Date: Thu, 28 Aug 2003 07:25:53 -0400
Message-ID: <3F4DE6C1.7050304@sympatico.ca>
In-Reply-To: <3F4DBAF8.BBF8B7FA@f3g.de>

Hi Joachim,

Thank you for pointing out the reset command!

Diald passes your ip address to the ip-up script, if defined. You could
make a template rule file with a unique pattern everywhere you want your
own ip address to be, with lines something like this:

    ignore tcp ip.daddr=192.168.255.255,tcp.dest=tcp.telnet

Then in the ip-up script ($3 contains the new local IP address):

    sed "s/192\.168\.255\.255/$3/g" template_file >diald_rule_file
    echo reset >/var/run/diald.fifo

I'll see if I can find time to try this out here.

Mark.

Sudheimer wrote:
> Hi,
>
> thanks for your hint, Mark.
>
>
>>As far as I know, you can only do this if you have a static IP address.
>> Then you can filter based on your fixed ip.daddr :
>>
>>ignore tcp ip.daddr=<your fixed ip>,tcp.dest=tcp.telnet
>>
>>I'd also like to know of any way to accomplish this with a dynamic address!
>>
>
> It seems to be possible to re-read the config-files with a command to
> the FIFO:
>
> echo reset > /var/run/diald.fifo
>
> I can do this while watching with dctrl and it seems to work fine (i.e.
> without changing connection status etc.)
>
> I have not yet tested this with a rules file with changing own IPs,
> though. I am new to diald and it will probably take me quite some time
> to find out how to do this (and I am a bit short of time at the moment
> :-( )
>
> According to man diald
> var ip.saddr 12
> defines the IP source address of a packet. Maybe one could use something
> like this on a packet sent by the own system once after getting the new
> own IP. (Can't imagine how, though.)
>
> If not, one might have to find out the own address with ifconfig ...
> |grep ... after each reconnection and use the result in the rules file.
>
> Maybe somebody more familiar with diald can help or would like to do some
> research/testing on this and report to the list...
>
>
>
> Joachim
>
>
> -------------------------------------------------------------------------
>
>>Sudheimer wrote:
>>
>>>Hi everyone,
>>>
>>>I would like diald to ignore any incoming connection attempts.
>>>
>>>For example if I get incoming packages to my tcp port 23 (telnet), they
>>>fit the default rule of diald and keep up the line for 2 minutes (keepup
>>>tcp 120 any). I do not have telnetd running on this port and have also
>>>an ipchains packet denying these packets.
>>>
>>>Nevertheless these packages match the final catch-all rule of diald and
>>>keep up the line for 2 minutes (keepup tcp 120 any).
>>>
>>>On the other hand, I do not want to define a rule like "ignore telnet
>>>packets" because this would also match my own telnet-sessions to remote
>>>telnet servers.
>>>
>>>If it were possible for diald to distinguish between incoming and
>>>outgoing packets one could say something like "ignore incoming tcp SYN
>>>packets". Is there something like that?
>>>
>>>
>>>Joachim
>
>
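
Added example, not part of the original message or of diald: an ip-up script for the template approach described in Mark's reply, which checks that $3 is a dotted-quad IPv4 address before it reaches sed and swaps the rendered rule file in with a rename. The TEMPLATE and RULES paths are assumptions; the placeholder address, the use of $3 and the FIFO path come from the message.

```sh
#!/bin/sh
# Added example: ip-up helper that rewrites the diald rule file for a new
# local address. TEMPLATE and RULES are assumed paths; the FIFO path and the
# 192.168.255.255 placeholder are the ones used in the message.
TEMPLATE=${TEMPLATE:-/etc/diald/rules.template}
RULES=${RULES:-/etc/diald/rules.local}
FIFO=${FIFO:-/var/run/diald.fifo}
PLACEHOLDER_RE='192\.168\.255\.255'   # dots escaped so they match literally

# Accept only a dotted quad with octets 0..255, so nothing else from the
# script argument can reach the sed expression or the rule file.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# render_rules <local-ip> <template> <output>: substitute the placeholder,
# writing to a temporary file first so diald never reads a partial rule file.
render_rules() {
    is_ipv4 "$1" || { echo "ip-up: bad local address '$1'" >&2; return 1; }
    [ -r "$2" ] || { echo "ip-up: cannot read $2" >&2; return 1; }
    tmp=$(mktemp "$3.XXXXXX") || return 1
    if sed "s/$PLACEHOLDER_RE/$1/g" "$2" >"$tmp"; then
        mv "$tmp" "$3"
    else
        rm -f "$tmp"; return 1
    fi
}

# Ask diald to re-read its configuration, as in the message.
notify_diald() {
    [ -p "$1" ] || { echo "ip-up: $1 is not a FIFO" >&2; return 1; }
    echo reset >"$1"
}

# Per the message, $3 is the new local IP address when diald runs ip-up.
if [ $# -ge 3 ]; then
    render_rules "$3" "$TEMPLATE" "$RULES" && notify_diald "$FIFO"
fi
```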