Think about it this way. If your Windows box tries to go to a web
site it will have to look the domain up in DNS. What happens if
DNS can't send the request back because you disabled the forwarding
of DNS requests? No DNS returns, which means you shouldn't get to
any sites unless by IP address.  :)

Eric

* Jeff <[EMAIL PROTECTED]> [010617 23:42]:
> The following lines in
> /etc/rc.d/rc.firewall.inet_sharing-2.4 don't seem to
> be of use to me and I would like to remove them.
> 
> # Allow dhcp requests
> iptables -A INPUT -i eth0 -p udp --sport bootpc --dport bootps -j ACCEPT
> iptables -A INPUT -i eth0 -p tcp --sport bootpc --dport bootps -j ACCEPT
> iptables -A INPUT -i eth0 -p udp --sport bootps --dport bootpc -j ACCEPT
> iptables -A INPUT -i eth0 -p tcp --sport bootps --dport bootpc -j ACCEPT
> 
> # Allow dns requests
> iptables -A INPUT -i eth0 -p udp --dport domain -j ACCEPT
> iptables -A INPUT -i eth0 -p tcp --dport domain -j ACCEPT
> 
> I believe the reason the dhcp requests are allowed is
> because I thought I would use the mandrake connection
> sharing wizard at first but decided not to now as it
> complicates using samba with my windows machine.
> 
> Correct me if I'm wrong but the dns requests line
> looks like it's accepting dns requests from eth0 on
> tcp and udp.  I can't for the life of me figure out
> why I would want to do this.  I only have two
> machines.  One is running Mandrake 8.0 (not a dns
> server) and a windows machine that is sharing the
> connection of the mandrake box (ppp0).  As long as the
> dns server entries are inside of the windows
> networking setup then I shouldn't be accepting dns
> queries for any reason then should I?
> 
> I'm also writing my own firewall by hand with iptables
> to learn the ins and outs of how it works.  When I
> finally have it finished can I just place it in
> /etc/rc.d/rc.firwall to have it executed on boot?
> 

-- 
Uptime: 
 8 days, 10:35
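As an added example that is not part of either message above: a minimal hand-written rc.firewall for the setup Jeff describes, which shows why the wizard's INPUT rules for port 53 on eth0 are unrelated to the Windows client's own lookups (those pass through the gateway and need FORWARD plus NAT), and when such an INPUT rule is actually needed. Interface names, the LAN subnet 192.168.1.0/24, and the function names are assumptions.

```shell
# Added example, not from either message: minimal rc.firewall for a Mandrake
# gateway with ppp0 to the ISP and eth0 to one Windows client. WAN/LAN names
# and LAN_NET are assumptions. Run with IPT=echo to preview without root.
WAN=ppp0
LAN=eth0
LAN_NET=192.168.1.0/24            # assumed private LAN; use your own range
IPT="${IPT:-iptables}"

base_policy() {
    $IPT -F
    $IPT -t nat -F
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    $IPT -A INPUT -i lo -j ACCEPT
    # Replies to connections the gateway or the client already opened.
    $IPT -A INPUT   -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# The wizard's rules as quoted above: DNS to the gateway itself from anything
# on eth0. They only matter if the gateway runs a resolver.
wizard_dns() {
    $IPT -A INPUT -i $LAN -p udp --dport domain -j ACCEPT
    $IPT -A INPUT -i $LAN -p tcp --dport domain -j ACCEPT
}

# Case 1: the Windows box points at the ISP's resolvers. Its queries pass
# THROUGH the gateway, so they need FORWARD plus NAT, not an INPUT rule.
client_dns_via_forward() {
    $IPT -A FORWARD -i $LAN -o $WAN -s $LAN_NET -p udp --dport 53 -j ACCEPT
    $IPT -A FORWARD -i $LAN -o $WAN -s $LAN_NET -p tcp --dport 53 -j ACCEPT
    $IPT -t nat -A POSTROUTING -o $WAN -s $LAN_NET -j MASQUERADE
}

# Case 2: the gateway runs a caching resolver the client is pointed at.
# Then INPUT must accept port 53, but only from the LAN, never from ppp0.
gateway_resolver_dns() {
    $IPT -A INPUT -i $LAN -s $LAN_NET -p udp --dport 53 -j ACCEPT
    $IPT -A INPUT -i $LAN -s $LAN_NET -p tcp --dport 53 -j ACCEPT
}

# Preview a rule function and count the emitted rules matching a pattern.
count_rules() {
    ( IPT=echo; "$1" ) | grep -c -- "$2" || true
}

# Apply for real only when asked: `sh rc.firewall apply` as root.
if [ "${1:-}" = apply ]; then base_policy; client_dns_via_forward; fi
```

Dropping the wizard's two INPUT lines therefore breaks nothing for the Windows box as long as the FORWARD and MASQUERADE rules exist and ip_forward is enabled; it only matters if the Mandrake box itself answers DNS.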
