On 16:28 14 May 2002, The Gyzmo <[EMAIL PROTECTED]> wrote:
| #modify chains
| /sbin/ipchains -P input ACCEPT
| /sbin/ipchains -P output ACCEPT
| /sbin/ipchains -P forward DENY
| 
| #deny TCP connection attempts
| /sbin/ipchains -A input -l -i ppp+ -p tcp -y -j DENY

You're doing this backwards. What you want is:

        /sbin/ipchains -P input REJECT
        /sbin/ipchains -P output REJECT
        /sbin/ipchains -P forward DENY

and then a bunch of rules to ACCEPT _only_ what you expect.
Much much safer.
-- 
Cameron Simpson, DoD#743        [EMAIL PROTECTED]    http://www.zip.com.au/~cs/

Man is quite insane.  He wouldn't know how to create a maggot, and he creates
gods by the dozen.      - Montaigne



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
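
The default-deny layout suggested in the reply, written out as an added example (not part of the original thread or either poster's configuration). It only prints the ipchains commands for review; the `ppp+` and `lo` interfaces, the DNS rule and the inbound port list are assumptions.

```shell
#!/bin/sh
# Added example: prints a default-deny ipchains ruleset; it does not touch
# the running firewall. Review the output, then pipe it to "sh" as root.
# Assumed, not from the thread: interface names, DNS rule, inbound port list.

IPCHAINS=/sbin/ipchains

build_rules() {
    ext_if=$1; shift    # remaining arguments: inbound TCP ports to accept

    # Start from empty chains, then set the policies given in the reply.
    for chain in input output forward; do
        echo "$IPCHAINS -F $chain"
    done
    echo "$IPCHAINS -P input REJECT"
    echo "$IPCHAINS -P output REJECT"
    echo "$IPCHAINS -P forward DENY"

    # Loopback traffic is expected on any host.
    echo "$IPCHAINS -A input -i lo -j ACCEPT"
    echo "$IPCHAINS -A output -i lo -j ACCEPT"

    # This host may open connections through the external interface.
    echo "$IPCHAINS -A output -i $ext_if -j ACCEPT"

    # ipchains is stateless: packets belonging to established TCP
    # connections are recognised only as "not a bare SYN" (! -y).
    echo "$IPCHAINS -A input -i $ext_if -p tcp ! -y -j ACCEPT"

    # DNS answers over UDP. Stateless, so anything sent from source port 53
    # passes; narrow -s to your resolvers' addresses where possible.
    echo "$IPCHAINS -A input -i $ext_if -p udp -s 0/0 53 -j ACCEPT"

    # New inbound connections (SYN) only to the services named by the caller.
    for port in "$@"; do
        echo "$IPCHAINS -A input -i $ext_if -p tcp -d 0/0 $port -y -j ACCEPT"
    done

    # Log and drop whatever else arrives, before the REJECT policy applies.
    # ICMP is not handled here; add rules for the types you rely on.
    echo "$IPCHAINS -A input -i $ext_if -l -j DENY"
}

# Constructed sample: dial-up interface, inbound SSH only.
build_rules ppp+ 22
```

With no port arguments the ruleset accepts no new inbound TCP connections at all, which is the closest equivalent of the original `-y -j DENY` rule under a default-deny policy.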
