Re: [cobalt-security] Basic IPTables rules for RaQ550



From: Eric Frisch <ericf@xxxxxxxxxxx>
Date: 03 Mar 2003 09:10:32 -0500

Why not use gShield? The default policy is to drop everything except maybe
ident.  You just enable the services you need using a very well
documented set of configuration files.  You can add the odd custom rule
yourself as well.  The only place I have had trouble is that the default
policy is to log the drop events for hosts you place in the blacklist;
dropping hundreds of packets a second from a rogue site will overwhelm
the RaQ with logging activity.  You can do an sh -x on the gShield rc
file to see all the rules generated if you want to sanity check the
thing.


Thanks for pointing me to that, Eric. I was able to get gShield configured and running without too many problems (without locking myself out, even. (-: )

The only question I have now (and possibly more suited for Cobalt Users, but this is where we started) is that I'm getting a notice hourly from the cron daemon complaining that the log_traffic script can't find the tables it uses for its accounting. I had a look at the script and I know that's because the gShield script is overwriting those rules. How did you cope with this or did you just remove the hourly cronjob?

Thanks!

Michelle