On Wed, 08 Dec 1999, Alan Mead wrote:
> At 11:58 AM 12/8/99 -0500, Steve wrote:
> 
> >I have Ipchains set up to DENY all 10.0.0.0, 127.0.0.0, 192.168.0.0,
> >172.16.0.0 and my external eth1 as standard then allowing only what I need
> >from the outside and MASQ all internal packets forwarded to my external
> >card. I think that is what I need. Portsentry is more of an insurance policy
> >in case I do something stupid w/ Ipchains I have a secondary line of defence.
> 
> In order to have it be a backup to your firewall, you need to engage its
> dangerous bits.  That means the mode where it drops route if it detects an
> attacker.  You also need a dead IP to send the packets to...  I don't know
> if that will be a problem for you.

Nope, see last post...

> 
> I would probably install it.  But you might consider not having a second
> line of defense like this.  First, if your firewall works, what use will
> portsentry be?  

None, hopefully, but I always like to have a backup. It may not completely save
my ass but at least I have less of a chance of leaving the door wide open by
mistake.


Thanks!
Steve

