[EMAIL PROTECTED] (Jan Ciger) writes: > J.A. Magallon wrote: > |>I guess it depends upon what you're doing. In my case, the default > |>settings blocked traffic to my gateway, both in and out, and effectively > |>shut down the network. > |> > | > | > | I really find more useful a combination of a 5 line iptables > | script to do plain forwarding and portsentry. I do not know why portsentry > | was killed from the distro. > | > | So you could separate 'security' from 'internet sharing'. > > This has nothing to do with internet sharing, this problem happened to > me too - shorewall disables also *outgoing* connections from your > machine by default. Blocking all incoming things is OK, but outgoing ? > That's a bit of an overkill. > In a standard msec level, it should just block incoming connections, > maybe with the exception of ssh port and allow all outgoing ones, so > that you could get a decent configuration out of the box. On higher > levels, let's lock down everything, the admin should know what to do to > enable it again and a clueless idiot will not put up an unprotected server.
Hello, Let's not mix msec and shorewall, shall we ? If you want to allow everything from your own private computer, (firewall or the computer on your private lan) simply change the policy, this can be done in one line ... So I don't understand the point of this discussion ... -- Florin http://www.mandrakesoft.com http://people.mandrakesoft.com/~florin/
