Yes, it's a problem?

>Well, I don't know how this worm spreads, so I can't help with firewall
>design, but it seems to me that you might want the LOG rules before the
>DROP rules, no?
>
>On Wed, 17 Mar 2004, nicolas boussekeyt wrote:
>
>> Date: Wed, 17 Mar 2004 10:37:42 +0100
>> From: nicolas boussekeyt <nicolas.boussekeyt@xxxxxxx>
>> To: "netfilter@xxxxxxxxxxxxxxxxxxx" <netfilter@xxxxxxxxxxxxxxxxxxx>
>> Subject: Configure my firewall
>>
>> Hi, I want to filter my firewall for the raleka worm.
>>
>> Actually, I have used:
>> iptables -A FORWARD -p tcp -i $EXTIF --dport 135 -j DROP
>> iptables -A FORWARD -p tcp -i $EXTIF --dport 135 -j LOG
>> iptables -A FORWARD -p udp -i $EXTIF --dport 135 -j DROP
>> iptables -A FORWARD -p udp -i $EXTIF --dport 135 -j LOG
>> iptables -A FORWARD -p tcp -i $EXTIF --dport 6667 -j DROP
>> iptables -A FORWARD -p tcp -i $EXTIF --dport 6667 -j LOG
>> iptables -A FORWARD -p udp -i $EXTIF --dport 6667 -j DROP
>> iptables -A FORWARD -p udp -i $EXTIF --dport 6667 -j LOG
>> iptables -A FORWARD -p tcp -i $EXTIF --dport 32767 -j DROP
>> iptables -A FORWARD -p tcp -i $EXTIF --dport 32767 -j LOG
>> iptables -A FORWARD -p udp -i $EXTIF --dport 32767 -j DROP
>> iptables -A FORWARD -p udp -i $EXTIF --dport 32767 -j LOG
>> iptables -A FORWARD -p tcp -i $EXTIF --dport 32768 -j DROP
>> iptables -A FORWARD -p tcp -i $EXTIF --dport 32768 -j LOG
>> iptables -A FORWARD -p udp -i $EXTIF --dport 32768 -j DROP
>> iptables -A FORWARD -p udp -i $EXTIF --dport 32768 -j LOG
>>
>> But the worm is back.
>>
>> Can you give me information.
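
Added example, not part of the thread: a small check for the rule-ordering issue raised in the reply. DROP is a terminating target and LOG is not, so a LOG rule placed after a DROP rule with the same match never sees a packet. The function names are hypothetical, and the check only compares the literal match text of "iptables -A" lines.

```shell
#!/bin/sh
# find_shadowed: reads "iptables -A ..." lines on stdin and prints one line
# for every rule that follows a terminating rule (DROP/ACCEPT/REJECT) with
# identical match text in the same chain, i.e. a rule that can never fire.
# Simplification (assumption): matches are compared as literal text, so
# rules written with options in a different order are not detected.
find_shadowed() {
    awk '
    $1 == "iptables" && $2 == "-A" {
        target = ""; match_key = $3            # key starts with the chain
        for (i = 4; i <= NF; i++) {
            if ($i == "-j") { target = $(i + 1); break }
            match_key = match_key " " $i       # everything before -j
        }
        if (match_key in term_line)
            printf "%d: %s shadowed by %s at %d\n", NR, target, \
                   term_tgt[match_key], term_line[match_key]
        else if (target == "DROP" || target == "ACCEPT" || target == "REJECT") {
            term_line[match_key] = NR; term_tgt[match_key] = target
        }
    }'
}

# Constructed sample: the port 135 rules in the order posted in the thread.
posted_rules() {
    cat <<'EOF'
iptables -A FORWARD -p tcp -i $EXTIF --dport 135 -j DROP
iptables -A FORWARD -p tcp -i $EXTIF --dport 135 -j LOG
iptables -A FORWARD -p udp -i $EXTIF --dport 135 -j DROP
iptables -A FORWARD -p udp -i $EXTIF --dport 135 -j LOG
EOF
}

# Constructed sample: the same rules with LOG first, as the reply suggests.
reordered_rules() {
    cat <<'EOF'
iptables -A FORWARD -p tcp -i $EXTIF --dport 135 -j LOG
iptables -A FORWARD -p tcp -i $EXTIF --dport 135 -j DROP
iptables -A FORWARD -p udp -i $EXTIF --dport 135 -j LOG
iptables -A FORWARD -p udp -i $EXTIF --dport 135 -j DROP
EOF
}

posted_rules | find_shadowed
```

Run against the posted order it reports both LOG rules as unreachable; against the reordered list it prints nothing.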