Also Sprach Jack Daniels:

> I was wondering if IPTables defeat http tunnelling out of the box
> (after installing Linux 2.4) or must they be configured first?

No, not usually. If you want to stop HTTP tunnels, you need to use a web proxy, like Squid (perhaps as a transparent proxy), with some kind of filter. I don't know of any existing package that does this, or even if it's a workable solution. Are you concerned about specific HTTP tunnels, like AOL? If so, you should be able to defeat that by black-listing the IP addresses.

> I installed Linux for the 1st time last week (SuSE 7.3) and don't
> understand if the SuSE Personal Firewall (rejects TCP unasked for TCP
> connections from outside?) eliminates the need for a hardware firewall
> in front of it? I'm not running a server of any kind, I don't need to
> log in remotely or anything like that. If I get an old 486 and run a
> firewall from a boot floppy/RAMdisk would I get any more protection?

A hardware firewall? Oh, this question again. It really depends on your setup, but having a separate firewall is almost always recommended. You might look at www.floppyfw.com.

> I've been searching the net about this but information about IPTables
> is rare, most people talk about ipchains instead.

You might also look for 'NetFilter', which is the name for the kernel-portion of the new Linux firewalling code. http://netfilter.samba.org is one of the mirrors for the project's home page. There are docs there and mailing lists.

Wil
--
W. Reilly Cooley [EMAIL PROTECTED]
Naked Ape Consulting http://nakedape.cc
irc.linux.com #orlug,#pdxlug,#lnxs

Men have a much better time of it than women; for one thing they marry later; for another thing they die earlier. -- H.L. Mencken
