Re: A Question about FireWall logging

<rick@bcm.tmc.edu> wrote in message
news:1143819598.162401.23900@z34g2000cwc.googlegroups.com...
>
> Moe Trin wrote:
>> On Wed, 29 Mar 2006, in the Usenet newsgroup comp.security.firewalls, in
>> article
>> <lCCWf.9470$Bj7.2187@newsread2.news.pas.earthlink.net>, Duane Arnold
>> wrote:
>>
>> >Yeah, that's what I did. And what's any of this above have to do with
>> >anything if I see the same IP coming at a port or port(s) and I want to
>> >do
>> >it?
>>
>> If you blocked it - why are you seeing it?
>>
>> >Don't be getting into all the protocol stuff with me as I know all
>> >about it.
>>
>> No Duane, I don't think you do know.
>>
>> >If I want to set a rule to block an IP even if it's being blocked by
>> >DEFAULT, that's my business.
>>
>> True - but don't expect everyone to have to block a /8 and a /9 within
>> that, and a /10 within that, on up to a /32. If the range is blocked,
>> it's
>> blocked and adding the same block over and over is an example of not
>> understanding what is going on. Or, you're using a toy that doesn't do
>> the job..
>
> Moe was originaly responding to the OP. IIRC, the original question was
> whether or not
> to log rejects as well as accepts on a firewall.

Then he should have done the right thing and inticated it was coming from
somewhere else in a thread

<snip>

whatever comments

<snip>

And not inline which is what he did with no indication that it was coming
from somewhere else in the thread.

I am not into reading someone's mind or reading every post in a thread.

Duane :)
Received on Mon May 1 01:03:38 2006