Hello Friends, I have in my IDS logs packets comming from outside to DMZ servers with source port 0 and destination port 0. The IDS is located in the DMZ network, and I have an iptables firewall, kernel-2.4.18-26.1.99_kb2c.1foo over RH 8 (that is the kernel with superfreeswan patches). I tried with this couple of rules on top of FORWARD chain: $IPT -A FORWARD -p tcp --sport 0 -j LOG --log-prefix "Zero: " $IPT -A FORWARD -p tcp --sport 0 -j DROP also: $IPT -A FORWARD -p tcp --sport 0 --dport 0 -j LOG --log-prefix "Cero: " $IPT -A FORWARD -p tcp --sport 0 --dport 0 -j DROP After that I continue viewing the bad packets on IDS, how could I filter this kind of packets? -- Best regards, Geffrey mailto:g_netfilter@xxxxxxxxxxx
