[syslog-ng] Firewalling with syslog-ng, a working prototype
Alexander Clouter
alex at digriz.org.uk
Mon Feb 21 12:50:43 CET 2011
Valentijn Sessink <valentyn at blub.net> wrote:
>
> [snipped 'the good stuff']
>
> 4) Repeat step 3, but with "iptables" instead of "ip6tables". (I used
> ip6tables on purpose, because it's time you get ready for IPv6 if you
> aren't).
>
Be careful as you are possibly opening yourself up to a DoS; for the v6
case. Most attackers will be able to move through their local /64 which
might cause problems when using recent directly, might be worth
combining it with hashlimit too.
Otherwise, 'neato'.
Cheers
--
Alexander Clouter
.sigmonster says: share, n.:
To give in, endure humiliation.
More information about the syslog-ng
mailing list