OK, my question.

I've been running RH 6.2 on an older box for over a year and a half. This box 
is my firewall, triple-homed, with one to the cable modem. (ah, peace and 
quiet from two teenagers...).

To harden it, I found and ran Bastille-linux. Over time, upon request, I've 
opened a couple of ports. Lately, though, I've wanted to be able to get to 
and from this box from my system, and it apparently is blocking me, when I 
*told* it that inside systems were trusted.

Well, if I do an ipchains -l, it gives me about 5,278 rules, which seems 
excessive. I'm willing to look at other freeware...but I'm also considering 
doing it myself. So, if I were to do it myself, would this work?

    POLICY INPUT reject interface_out
    POLICY OUTPUT reject interface_out
    POLICY FORWARD reject interface_out
    POLICY INPUT accept internal_interface
    POLICY OUTPUT accept internal_interface
    POLICY FORWARD accept internal_interface

Then accept from inside the firewall, and only accept http, pop3, and a few 
other things from the outside interface. This *ought* to be not more than a 
couple of dozen rules.
The policy stmts with reject should simply drop the unwanted packets in the 
bit bucket (yes, and I'll have to put a drain to the outside there, so that 
bitrot won't ruin my floor <g>).

Cmts?

        mark
-- 
 "Patriotism is the last refuge
 of a scoundrel." --Samuel Johnson.
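One way to write the posted policy in real ipchains syntax, as an added example that is not part of the original message (the interface names eth0/eth1 and the 192.168.1.0/24 inside network are assumed values). ipchains has no per-interface policy: -P sets one default per chain, and each rule matches its interface with -i, so the script prints the rules for review instead of loading them.

```shell
#!/bin/sh
# Added illustration (not from the post): the posted policy in real ipchains
# syntax. ipchains has no per-interface policy: -P sets one policy per chain,
# and the interface is matched per rule with -i. Interface names and the
# inside network below are assumed values.
EXT_IF=eth0             # assumed: link to the cable modem
INT_IF=eth1             # assumed: trusted inside link
INT_NET=192.168.1.0/24  # assumed: inside network

# Print the rules instead of running them, so they can be reviewed (and
# counted) first; load with: gen_rules | sh
gen_rules() {
    echo "ipchains -F"
    # Default DENY on every chain drops unwanted packets silently (the
    # "bit bucket"); REJECT would answer each one with an ICMP error.
    for chain in input output forward; do
        echo "ipchains -P $chain DENY"
    done
    # Anti-spoofing: inside addresses must never arrive on the outside link.
    echo "ipchains -A input -i $EXT_IF -s $INT_NET -j DENY -l"
    # Loopback and the trusted inside interface pass freely.
    echo "ipchains -A input -i lo -j ACCEPT"
    echo "ipchains -A output -i lo -j ACCEPT"
    echo "ipchains -A input -i $INT_IF -s $INT_NET -j ACCEPT"
    echo "ipchains -A output -i $INT_IF -d $INT_NET -j ACCEPT"
    # Inside hosts reach the Internet via masquerading (in the forward
    # chain, -i names the outgoing interface).
    echo "ipchains -A forward -i $EXT_IF -s $INT_NET -j MASQ"
    # Services the box itself offers to the outside: only new TCP
    # connections (-y = SYN set) to these ports.
    for port in 80 110; do
        echo "ipchains -A input -i $EXT_IF -p tcp -d 0/0 $port -y -j ACCEPT"
    done
    # ipchains is stateless: replies to connections opened from here or from
    # masqueraded inside hosts must be let back in explicitly. Non-SYN TCP
    # (! -y) and DNS replies are accepted; everything else hits DENY.
    echo "ipchains -A input -i $EXT_IF -p tcp ! -y -j ACCEPT"
    echo "ipchains -A input -i $EXT_IF -p udp -s 0/0 53 -j ACCEPT"
    echo "ipchains -A output -i $EXT_IF -j ACCEPT"
}

# Number of rules in the generated set (flush and policies excluded).
rule_count() {
    gen_rules | grep -c '^ipchains -A '
}
```

The whole set is eleven rules plus three policies, well under the "couple of dozen" the post expects.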



-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list