On 10/04/2004 Daniel Pittman wrote:

> > [...]
> > same class C net, the fourth in another. This way I work around the two
> > nameservers from different class C nets required by denic to set new
> > nameserver entries for .de domains. My luck that my hosting center
> > supports that *g*
>
> Just a note: you would be better off trying to find a real secondary DNS
> server, not faking it like this. Your system will be *much* more
> reliable as a result. Most of these rules exist for good reasons. :)

Yeah, I know that. But as long as the DNS server only holds domains that are local to the server it's not that bad, and I'll surely add another secondary nameserver as soon as possible, but since we are a small company, and this is our first own server, it's not that easy to find another one.

> > maybe you can point me to the right docs or simply to the right
> > firewall tools.
>
> Well, I use and recommend the 'firehol' script for this sort of work.
> It is quite simple to set up initially, but also very powerful and able
> to integrate anything you want to do nicely.
>
> It is packaged in testing and unstable, or trivial to backport as it has
> no real dependencies other than bash, awk and so.

Yeah, sounds really nice, but yesterday I fucked my system with fiaif, only executing an 'iptables -F INPUT' and this way locking out everything from my server. To prevent this, I don't plan to install firewall scripts that have a paranoid default configuration and this way block, for example, the ssh server -> don't allow any login from remote any longer. Since the package you recommended, 'firehol', has a note in its description saying: "The default configuration file will allow only client traffic on PPP and ethernet interfaces.", I'm a little bit confused about whether to install the package. A short hint would be cool.

bye
jonas

