On Sat, Jan 08, 2000 at 08:19:14PM -0500, Dirk Eddelbuettel wrote: > -- do we have a basic "hardening howto" document ?
Depends on your OS, you might start at the Ressource Page of the www.freefire.org project. > -- how do keep services like time, talk, ... accessible "inside" (ie on eth1 > on 192.168.1.*) but _not_ to the outside world on eth0 ? The simple solution is to use IP-Filter t restrict incoming packages depending on the interface, thats a good idea for spoof protection anyway. Another option would be to bind those services to a special address. You can do that with g2s or xinetd. However you should be aware that this will require some fiters, too. To avoid external hosts to contact the internal interfaces address. (in case that is an routeable address). Greetings Bernd -- (OO) -- [EMAIL PROTECTED] -- ( .. ) [EMAIL PROTECTED],linux.de,debian.org} http://home.pages.de/~eckes/ o--o *plush* 2048/93600EFD [EMAIL PROTECTED] +497257930613 BE5-RIPE (O____O) When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
