-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rodolfo J. Paiz wrote:
>Clearly you haven't seen the MASQUERADE feature in iptables; I can do >*ANYTHING* from the inside to the outside, and the firewall is completely >transparent to me. Bitch for someone to get in, though. I feel compelled to quickly point out that NAT/masquerading is _not_ a security feature. What you're describing is a stateful firewall, which allows only inbound traffic which is related to outgoing requests. This is not in any way related to network address translation, which is what NAT/masquerading does. iptables can do both, but please don't confuse them, nor rely on NAT to protect you. - -d - -- David Talkington PGP key: http://www.prairienet.org/~dtalk/0xCA4C11AD.pgp -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8 Comment: Made with pgp4pine 1.75-6 iQA/AwUBPNbz6r9BpdPKTBGtEQIjWwCeJU/D6UK/AY4VbbVIOzoDi+in+TUAoONV ySebrvr8EMp4MIwQ+Jz8Oaug =Hs4l -----END PGP SIGNATURE----- _______________________________________________ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list