this is the point at which one takes a look at the ipchains howto to get a
better understanding of how ipchains work. after setting up PMfirewall
initially it would take you about five minutes to close any/all the ports
you want where udp packets are being recieved. this, of course, requires a
tiny bit of manual editing. however, it is simple enough since there are
example chains already written in the pmfirewall.rules.local file. that is
the file where thee changes/additions to ipchains are to be made.
Pmfirewall is a great way to get your firewall STARTED, but it is by no
means complete or finished after using this script to configure you
ipchains. Ipchains still requires the user to become involved and take an
active role in configuration and maintaining the firewall. thats not the
burden that it sounds like it is though. unlike ZoneAlarm where everything
is done for you, as in Guard Dog, Ipchains requires user intervention and
thereby allows much more focused control on all parts of the firewall and
requires the user to be responsible for the saftey/security of the
machine.
--
Mark
/ * Sometimes it becomes necessary to rock the boat
* in order to get the rats up from below decks
* so they can be kicked over the side and drowned!
*
* REGISTERED LINUX USER # 182496
*/
<<<<<<<<<<<<<<<<<*REPLY SEPERATOR*>>>>>>>>>>>>>>>>>>>>>>
On Wed, 29 Nov 2000 Dickman, Jeff had this to say!
>
> Side note here on PMFIREWALL....
>
> I installed it day before yesterday, ran the script. Was very easy - mostly
> I accepted defaults. Then I ran a scan on my system. Much to my surprise,
> I was wide open on ALL my udp ports... Reran the setup looking for what may
> have caused this terrible error, nothing about UDP ports... not a good way
> to start of a relationship.
>
> -JD-
>
