This is something I'm trying to make: to get ipchains to make any
packet hang unless the client tries to connect to a few particular
ports. Portsentry can almost do that too, I guess, but not on ports used
by running daemons like portmap, BIND, httpd, etc.

On Tue, 10 Apr 2001, Pieter De Wit wrote:
> Hello Bob,
>
> The traffic is coming from the external interface, everything is the way I
> want it, I am just trying to understand how it works... Has it got something
> to do with the -P switch?
>
> Thx,
>
> Pieter
>
> -----Original Message-----
> From: Bob Hartung [mailto:[EMAIL PROTECTED]]
> Sent: 10 April 2001 01:51
> To: [EMAIL PROTECTED]
> Subject: Re: IPChains up-side down ?!?
>
>
> Pieter De Wit wrote:
> >
> > Hello All,
> >
> > I have created my first (and very proud of it <grin>) ipchains script. My
> > question is, at the start of the script I do the following :
> >
> > ipchains -F
> >
> > ipchains -P input DENY
> > ipchains -P output DENY
> > ipchains -P forward DENY
> >
> > This flushes the chains and sets the default to DENY all. After that I add
> > my normal rules to ALLOW only what I want. If ipchains work on a
> > first-match system, why do I still get traffic to my box ?
> >
> > Thanks,
> >
> > Pieter De Wit
>
> Peter,
> This sequence is correct. Is the traffic that you see
> coming from the inside network? Setting all three policies
> to DENY should shut down the connection with the outside
> world.
>
> Bob
>
> _______________________________________________
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
>
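
Added example, not part of the original thread and not written by any of the posters: a small Python model of how an ipchains chain picks a verdict, showing that the -P policy is only consulted when no appended rule matches, and that DENY drops silently while REJECT answers with an ICMP error. The interface names and ports (lo, eth0, 22, 80, 111) are constructed sample values.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    iface: str
    proto: str
    dport: int

@dataclass(frozen=True)
class Rule:
    target: str                  # ACCEPT, DENY or REJECT
    iface: Optional[str] = None  # None acts as a wildcard
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        pairs = ((self.iface, pkt.iface), (self.proto, pkt.proto),
                 (self.dport, pkt.dport))
        return all(want is None or want == got for want, got in pairs)

class Chain:
    def __init__(self, policy: str = "ACCEPT"):
        self.policy = policy     # what "ipchains -P <chain> <target>" sets
        self.rules = []

    def flush(self):             # "ipchains -F": rules go, the policy stays
        self.rules.clear()

    def append(self, rule: Rule):  # "ipchains -A <chain> ..."
        self.rules.append(rule)

    def verdict(self, pkt: Packet):
        # Rules are tried in order and the first match decides.
        for n, rule in enumerate(self.rules, 1):
            if rule.matches(pkt):
                return rule.target, f"rule {n}"
        return self.policy, "policy"  # fallback only when nothing matched

def build_input_chain() -> Chain:
    """Same order as the quoted script: flush, set policy, then add rules."""
    chain = Chain()
    chain.flush()
    chain.policy = "DENY"
    chain.append(Rule("ACCEPT", iface="lo"))
    chain.append(Rule("ACCEPT", iface="eth0", proto="tcp", dport=22))
    chain.append(Rule("ACCEPT", iface="eth0", proto="tcp", dport=80))
    return chain

def client_sees(target: str) -> str:
    return {"ACCEPT": "delivered",
            "DENY": "no reply, the connection attempt hangs",
            "REJECT": "ICMP error returned at once"}[target]
```

In this model, traffic to the ports named in the appended rules is accepted even though the policy is DENY; everything else falls through to the policy and is dropped without a reply.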