/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! */
Yes, I did have it only on the forward chain. A couple of documents were
suggested, and they mentioned the input and output chains. I am now
working on those to protect my machine. Thanks.
bruno
"John D. Hardin" wrote:
> On Wed, 25 Aug 1999, Bruno Melloni wrote:
>
> > As an early setup I did the "no-brains" 2-line ipchains
> > configuration setting a deny-all default policy and allow all
> > outgoing for masqueraded forwarding.
>
> Two lines? What chain did you deny-all on? If you set the default
> policy on the forward chain to deny, that does not imply a default
> policy on the input or output chains.
>
> > If ipchains does not protect the firewall machine, can you recommend
> > a way to accomplish that?
>
> To protect the firewall machine itself you need rules in the input
> chain with the -i argument specifying your external interface.
>
> --
> John Hardin KA7OHZ [EMAIL PROTECTED]
> pgpk -a finger://gonzo.wolfenet.com/jhardin PGP key ID: 0x41EA94F5
> PGP key fingerprint: A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
> -----------------------------------------------------------------------
> Monty Python's Star Trek Voyager:
> A successful trans-warp experiment turns Paris and Janeway into
> newts, but they get better.
> ...wait a minute... It's already been done...
> -----------------------------------------------------------------------
> 5 days until A Civil Campaign is officially released
[demime 0.91c removed an attachment of type text/x-vcard which had a name of bruno.vcf]
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/
or email to [EMAIL PROTECTED]
PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.
