"The Linux firewall (iptables) is different. It is a kernel level
stateful packet filter. This means that not only is it built into the
core of the operating system, but that it is intelligent enough to keep
track of connections to and from your computer and/or network.
Configuration of any firewall is a tricky business and should be thought
about thoroughly before starting; there are, however, graphical utilities
that can simplify this whole process (fwbuilder, xxx, yyy). In addition
to iptables, there is a suite of other options that can be changed at
kernel level to affect how the system responds to various types of
traffic; many of these will help reduce the threat of denial-of-service
and other attacks."

We could talk further about bridging firewalls and things such as mac
filtering, but perhaps another day?

For those of you who are not familiar with this part of Linux, take a
look at the options under: /proc/sys/net/ipv4/

09:29:[EMAIL PROTECTED] ls
conf                               ip_no_pmtu_disc           tcp_fack               tcp_retries2
icmp_echo_ignore_all               ip_nonlocal_bind          tcp_fin_timeout        tcp_rfc1337
icmp_echo_ignore_broadcasts        ipfrag_high_thresh        tcp_frto               tcp_rmem
icmp_ignore_bogus_error_responses  ipfrag_low_thresh         tcp_keepalive_intvl    tcp_sack
icmp_ratelimit                     ipfrag_secret_interval    tcp_keepalive_probes   tcp_stdurg
icmp_ratemask                      ipfrag_time               tcp_keepalive_time     tcp_syn_retries
igmp_max_msf                       neigh                     tcp_low_latency        tcp_synack_retries
inet_peer_gc_maxtime               route                     tcp_max_orphans        tcp_timestamps
inet_peer_gc_mintime               tcp_abort_on_overflow     tcp_max_syn_backlog    tcp_tw_recycle
inet_peer_maxttl                   tcp_adv_win_scale         tcp_max_tw_buckets     tcp_tw_reuse
inet_peer_minttl                   tcp_app_win               tcp_mem                tcp_vegas_alpha
inet_peer_threshold                tcp_bic                   tcp_moderate_rcvbuf    tcp_vegas_beta
ip_autoconfig                      tcp_bic_fast_convergence  tcp_no_metrics_save    tcp_vegas_cong_avoid
ip_default_ttl                     tcp_bic_low_window        tcp_orphan_retries     tcp_vegas_gamma
ip_dynaddr                         tcp_default_win_scale     tcp_reordering         tcp_westwood
ip_forward                         tcp_dsack                 tcp_retrans_collapse   tcp_window_scaling
ip_local_port_range                tcp_ecn                   tcp_retries1           tcp_wmem

What fun...does MS have this level of control?? I thought not. :0)

Iain.
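An added example, not part of Iain's post: a small POSIX shell audit that reads a few of the knobs shown in the listing above (icmp_echo_ignore_broadcasts, icmp_ignore_bogus_error_responses, ip_forward, tcp_syn_retries, tcp_max_syn_backlog) and reports any that differ from a defender's baseline. The baseline values are my assumptions for an ordinary non-routing host, not values the post gives; the optional directory argument exists only so the check can be run against a test tree.

```shell
#!/bin/sh
# Audit a handful of /proc/sys/net/ipv4 settings against a baseline.
# Expected values below are assumptions for a typical non-router host
# (ip_forward=0 would be wrong on a box that is meant to route).
# Usage: audit_ipv4_sysctl [BASEDIR]   BASEDIR defaults to /proc/sys/net/ipv4
# Exit status is the number of missing or mismatched settings.
audit_ipv4_sysctl() {
    base="${1:-/proc/sys/net/ipv4}"
    problems=0
    for entry in \
        icmp_echo_ignore_broadcasts=1 \
        icmp_ignore_bogus_error_responses=1 \
        ip_forward=0 \
        tcp_syn_retries=5 \
        tcp_max_syn_backlog=1024; do
        name="${entry%%=*}"      # file name under BASEDIR
        want="${entry#*=}"       # baseline value
        path="$base/$name"
        if [ ! -r "$path" ]; then
            echo "MISSING  $name (no such file under $base)"
            problems=$((problems + 1))
            continue
        fi
        read -r have < "$path"   # each of these files holds one value
        if [ "$have" != "$want" ]; then
            echo "MISMATCH $name: have $have, want $want"
            echo "         fix: net.ipv4.$name = $want in /etc/sysctl.conf"
            problems=$((problems + 1))
        else
            echo "ok       $name=$have"
        fi
    done
    return "$problems"
}
```

Run `audit_ipv4_sysctl` with no argument to check the live system; a non-zero exit status is the count of settings that need attention.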
