popularity-contest
Tony Arnold
tony.arnold at manchester.ac.uk
Thu Mar 29 13:47:15 UTC 2007
Richard,
R Kimber wrote:
> On Thu, 29 Mar 2007 13:44:20 +0100
> Tony Arnold wrote:
>
>> Why your firewall is flagging such packets, I've no idea. Firewall
>> rules should allow replies to outgoing packets, usually using the
>> 'established' flag.
>
> The rules were set up by Firestarter and the info is reported by
> logcheck. The Canonical IP is not always the same, so it's hard find a
> regex that can be used in a logcheck filter
I've not used logcheck, but could you get it to look for the SYN ACK at
the end of the log message?
Regards,
Tony.
--
Tony Arnold, IT Security Coordinator, University of Manchester,
IT Services Division, Kilburn Building, Oxford Road, Manchester M13 9PL.
T: +44 (0)161 275 6093, F: +44 (0)870 136 1004, M: +44 (0)773 330 0039
E: tony.arnold at manchester.ac.uk, H: http://www.man.ac.uk/Tony.Arnold
More information about the ubuntu-users
mailing list