That sounds odd. Tech support is usually very helpful about answering
questions.
>I need an example of a filter that will stop someone outside their network
>from pinging the broadcast address.
It's actually pretty simple. Assuming their network is 192.168.10.0/24
(parenthesis are comments only!)
add filter nosmurf.in
set nosmurf.in 1 deny 0.0.0.0/0 192.168.10.255/32 (keeps any machine from
sending to the broadcast address)
(remember that if they have a smaller subnet, you will need to use the
broadcast address for their network.)
set nosmurf.in 2 deny 192.168.10.0/24 0.0.0.0/0 (prevents spoofing of their
network addresses from outside)
set nosmurf.in 3 permit (allows all other traffic through)
save all
set s1 ifilter nosmurf.in (assuming this is where they are connected to you.)
reset s1
show s1
You should now see the input filter listed as nosmurf.in
Good Luck!
Also, add "log" to the end of the filter commands to log the header info to
your syslog host.
set nosmurf.in 1 deny 0.0.0.0/0 192.168.10.255/32 log
-Robert
(who assumes absolutely no liability nor does my employer Garden Networks.)
But I hope this is helpful! :)
>Is there a decent primer on Livingston Filters with examples and comments?
>
>The one on the web site stinks.
>
>The other option is to pull the expensive "FireWall Router" and replace
>with a simple Cisco 2501 and put in the no ip-directed broadcasts command,
>and go to bed.
Robert Boyle Server Co-location,
Garden Networks Internet Access,
50 Diller Ave Development & Consulting
Newton, NJ 07860 (973)300-9211 Ext.103
8AM-8PM Mon-Fri EST http://www.garden.net
Lucent RABU & Software.Com Post.Office VAR
-
To unsubscribe, email 'majordomo@livingston.com' with
'unsubscribe portmaster-users' in the body of the message.
Searchable list archive: <URL:http://www.livingston.com/Tech/archive/>