Well, I don't know how this worm spreads, so I can't help with firewall design, but it seems to me that you might want the LOG rules before the DROP rules, no?

On Wed, 17 Mar 2004, nicolas boussekeyt wrote:

> Date: Wed, 17 Mar 2004 10:37:42 +0100
> From: nicolas boussekeyt <nicolas.boussekeyt@xxxxxxx>
> To: "netfilter@xxxxxxxxxxxxxxxxxxx" <netfilter@xxxxxxxxxxxxxxxxxxx>
> Subject: Configure my firewall
>
> Hi, I want to filter my firewall for raleka worm.
>
> Actually, I have used:
> iptables -A FORWARD -p tcp -i $EXTIF --dport 135 -j DROP
> iptables -A FORWARD -p tcp -i $EXTIF --dport 135 -j LOG
> iptables -A FORWARD -p udp -i $EXTIF --dport 135 -j DROP
> iptables -A FORWARD -p udp -i $EXTIF --dport 135 -j LOG
> iptables -A FORWARD -p tcp -i $EXTIF --dport 6667 -j DROP
> iptables -A FORWARD -p tcp -i $EXTIF --dport 6667 -j LOG
> iptables -A FORWARD -p udp -i $EXTIF --dport 6667 -j DROP
> iptables -A FORWARD -p udp -i $EXTIF --dport 6667 -j LOG
> iptables -A FORWARD -p tcp -i $EXTIF --dport 32767 -j DROP
> iptables -A FORWARD -p tcp -i $EXTIF --dport 32767 -j LOG
> iptables -A FORWARD -p udp -i $EXTIF --dport 32767 -j DROP
> iptables -A FORWARD -p udp -i $EXTIF --dport 32767 -j LOG
> iptables -A FORWARD -p tcp -i $EXTIF --dport 32768 -j DROP
> iptables -A FORWARD -p tcp -i $EXTIF --dport 32768 -j LOG
> iptables -A FORWARD -p udp -i $EXTIF --dport 32768 -j DROP
> iptables -A FORWARD -p udp -i $EXTIF --dport 32768 -j LOG
>
> But the worm is back.
>
> Can you give me information?
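
The ordering point raised in the reply, as an added example that is not part of the original thread: LOG is a non-terminating target while DROP ends rule traversal, so a LOG rule appended after a DROP with the same match is never reached. The function names and sample rules below are constructed for illustration, and the check only compares rules whose match options are identical and written in the same order.

```shell
#!/bin/sh
# Added example: find LOG rules that can never fire because an earlier rule
# in the same chain, with the identical match, already ended traversal.
# Limitation (assumption of this sketch): a broader earlier rule, or the same
# match written in a different option order, is not detected.

shadowed_log_rules() {
    # Reads "iptables -A ..." lines on stdin, one rule per line.
    awk '
    $1 == "iptables" && $2 == "-A" {
        key = $3                      # chain name starts the comparison key
        target = ""
        for (i = 4; i <= NF; i++) {
            if ($i == "-j") { target = $(i + 1); break }  # target options ignored
            key = key " " $i          # everything before -j is the match
        }
        if (target == "DROP" || target == "REJECT" || target == "ACCEPT") {
            # Terminating targets: remember the first rule that ends this match.
            if (!(key in ended)) ended[key] = NR
        } else if (target == "LOG" && (key in ended)) {
            printf "line %d: LOG never reached, line %d ends traversal first\n", NR, ended[key]
        }
    }'
}

# Constructed sample: the tcp pair uses the order from the quoted message,
# the udp pair uses the order suggested in the reply (LOG first, then DROP).
sample_rules() {
    cat <<'EOF'
iptables -A FORWARD -p tcp -i $EXTIF --dport 135 -j DROP
iptables -A FORWARD -p tcp -i $EXTIF --dport 135 -j LOG
iptables -A FORWARD -p udp -i $EXTIF --dport 135 -j LOG
iptables -A FORWARD -p udp -i $EXTIF --dport 135 -j DROP
EOF
}

sample_rules | shadowed_log_rules
```

Only the tcp LOG rule is reported; the udp pair, with LOG ahead of DROP, both logs and drops the packet.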