I don't think he built this script. It's entirely too pretty in layout. Building your own script, IMHO, is not that hard, and much easier to lock down tight. I didn't look at all the internals, but I would definitely question the number of ports left open to the world. Outbound FROM the inside is one thing. To allow internal users to use any ports or a restricted few is a management decision. Leaving open ports to any machine wide open from the outside is quite another.

Building your own script allows you to open up udp 53 to DNS servers and ONLY to DNS servers. I don't have a big problem with SSH being allowed to anything, so long as you have some sort of IDS function (checking system logs included). But port 25 to ANY box? Maybe just the SMTP server, etc. If you are doing a "my own personal network" script, maybe canned scripts are ok, but if you are protecting a company network, you will really want to lock it down to the necessary ports to those boxes needing them. A DMZ is good as well.
So I guess that gets us back to the question: What are you trying to do with the script?

On Wed, 10 Jul 2002 06:50:39 -0400 (EDT) "Gerry Doris" <[EMAIL PROTECTED]> wrote:

> On Tue, 9 Jul 2002, Douglas J Hunley wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > anyone see anything wrong, any holes, incorrect assumptions, room for
> > improvement, etc with the attached iptables script?
> > - --
> > Douglas J Hunley (doug at hunley.homeip.net) - Linux User #174778
> > Admin: Linux StepByStep - http://www.linux-sxs.org
> > and http://jobs.linux-sxs.org
>
> Instead of building your own script you might want to check out
> Monmotha's iptables script. You can configure it to do most things.
>
> Gerry
> --
>
> "The lyfe so short, the craft so long to learne" Chaucer
>
> _______________________________________________
> Linux-users mailing list - http://linux-sxs.org/mailman/listinfo/linux-users
> Subscribe/Unsubscribe info, Archives, and Digests are located at the above URL.
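
As an added illustration of the "build your own script" approach argued for above, here is a minimal hand-written iptables script in that style. It is example code added here for the archive; it is not Douglas's attached script (which is not in this thread) and not Monmotha's script. The interface name, the LAN range, the two DNS resolvers, the SMTP server and the admin network are all assumed placeholders (RFC 5737 documentation addresses); replace them with your own. IPTABLES defaults to a dry run that prints each rule so it can be reviewed without touching a live box; run it as root with IPTABLES=iptables to actually install the rules.

```shell
#!/bin/sh
# Added example, not code from the thread: a hand-built iptables script in the
# "open only what is needed, only to the hosts that need it" style.
# All addresses, the interface name and the admin network are assumed placeholders.
# IPTABLES defaults to a dry run that prints each rule; run as root with
# IPTABLES=iptables to install them for real.

: "${IPTABLES:=echo iptables}"

EXT_IF="eth0"                              # interface facing the outside world
LAN_NET="192.168.1.0/24"                   # internal users behind the firewall
DNS_SERVERS="192.0.2.53 198.51.100.53"     # ONLY these hosts may be asked for DNS
SMTP_SERVER="192.0.2.25"                   # ONLY this host may be reached on port 25
SSH_ADMIN_NET="203.0.113.0/24"             # where inbound SSH may originate

build_rules() {
    # Start from deny-everything; every rule below is an explicit exception.
    $IPTABLES -F
    $IPTABLES -P INPUT DROP
    $IPTABLES -P FORWARD DROP
    $IPTABLES -P OUTPUT DROP

    # Loopback, plus replies to connections we already allowed.
    $IPTABLES -A INPUT  -i lo -j ACCEPT
    $IPTABLES -A OUTPUT -o lo -j ACCEPT
    for chain in INPUT OUTPUT FORWARD; do
        $IPTABLES -A "$chain" -m state --state ESTABLISHED,RELATED -j ACCEPT
    done

    # DNS: udp and tcp 53 from the firewall itself and from the LAN,
    # but only to the listed resolvers, never "port 53 to any".
    for srv in $DNS_SERVERS; do
        for proto in udp tcp; do
            $IPTABLES -A OUTPUT  -o "$EXT_IF" -p "$proto" -d "$srv" --dport 53 -m state --state NEW -j ACCEPT
            $IPTABLES -A FORWARD -s "$LAN_NET" -o "$EXT_IF" -p "$proto" -d "$srv" --dport 53 -m state --state NEW -j ACCEPT
        done
    done

    # SMTP: only to the mail server, not "port 25 to ANY box".
    $IPTABLES -A OUTPUT  -o "$EXT_IF" -p tcp -d "$SMTP_SERVER" --dport 25 -m state --state NEW -j ACCEPT
    $IPTABLES -A FORWARD -s "$LAN_NET" -o "$EXT_IF" -p tcp -d "$SMTP_SERVER" --dport 25 -m state --state NEW -j ACCEPT

    # SSH in from the admin network only; log every new session so that
    # "check your system logs" has something to check.
    $IPTABLES -A INPUT -i "$EXT_IF" -p tcp -s "$SSH_ADMIN_NET" --dport 22 -m state --state NEW -j LOG --log-prefix "SSH-NEW: "
    $IPTABLES -A INPUT -i "$EXT_IF" -p tcp -s "$SSH_ADMIN_NET" --dport 22 -m state --state NEW -j ACCEPT

    # Everything else falls through to the DROP policies; log a rate-limited
    # sample of it so port scans and misconfigured clients show up in syslog.
    $IPTABLES -A INPUT   -i "$EXT_IF" -m limit --limit 5/min -j LOG --log-prefix "DROP-IN: "
    $IPTABLES -A FORWARD -i "$EXT_IF" -m limit --limit 5/min -j LOG --log-prefix "DROP-FWD: "
}

build_rules
```

Two things to notice when adapting it: the ESTABLISHED,RELATED rules sit ahead of every NEW rule, so the catch-all LOG lines at the end only ever see traffic that was not part of an allowed session; and the destination address is on every DNS and SMTP rule, which is exactly the restriction a canned script tends to leave out. Anything the firewall does not explicitly list (port 25 to a random host, DNS to a resolver you did not choose) is dropped and, at a throttled rate, logged.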
