First of all, thank you to all of you who have helped to make iptables possible, whether in writing the code for it or testing it. It is BETTER than sliced bread! :-)
Anyways, I have two questions related to the use of iptables. 1. I read on a post somewhere that it is smart to put the following two rules at the end of one's iptables ruleset: iptables -A INPUT -p tcp -i eth0 -j REJECT --reject-with tcp-reset iptables -A INPUT -p udp -i eth0 -j REJECT --reject-with tcp-reset The reasoning was that it would not look like a software firewall, but rather would look like a machine that had no open ports. Does this sound reasonable? What would all of you do? 2. I also read on some website that it is important to use this line in the setup for iptables: echo "1" > /proc/sys/net/ipv4/conf/eth0/rp_filter What does this do (it said something about spoofing, but I did not understand), and is it necessary? Thank you all for your enlightenment! Robb _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
