On 4 Jul 2005, KC wrote:
[...]
> *nat
> :PREROUTING DROP [0:0]
> :POSTROUTING DROP [0:0]
> :OUTPUT DROP [0:0]
> COMMIT
I thought that using a policy of DROP in the nat tables would result in
anything that wasn't NAT-ed being prevented from passing through by
iptables.
I can't find any documenta
Hi,
My firewall script doesn't have a problem with its rules; it is just
missing something important because when firehol tries it it doesn't give
any significant errors. When I turn on my previous firewall it works fine.
The place I am working in is a remote place where I am just setting up a
ne
On 4 Jul 2005, Paul Gear wrote:
> Daniel Pittman wrote:
>> ...
>> Shorewall, like many firewall packages, gives you[1] a whole bunch of
>> configuration options, which turn on or off features in the pre-packaged
>> firewall you have.
>>
>> This tends to make it hard to do strange things like playin
Daniel Pittman wrote:
> ...
> Shorewall, like many firewall packages, gives you[1] a whole bunch of
> configuration options, which turn on or off features in the pre-packaged
> firewall you have.
>
> This tends to make it hard to do strange things like playing with DSCP
> tagging of packets, or de
On Sun, 03 Jul 2005 12:23:13 +0200, Daniel Pittman <[EMAIL PROTECTED]>
wrote:
Thanks a lot! It was really comprehensive!
And according to what you wrote - I'll stick with shorewall since it does
everything I need and it's easy to manage. On the other hand - I'll start
to learn iptables beca
On 3 Jul 2005, Jakub Sporek wrote:
> On Sun, 03 Jul 2005 05:07:02 +0200, Daniel Pittman <[EMAIL PROTECTED]>
> wrote:
>
>> I found that 'firehol' was quite a surprise to me -- not only didn't it
>> suck, it actually improved my hand-written firewall somewhat.
>
>> Unlike everything else, it doesn't
Daniel Pittman wrote:
> ...
>>>Finally, that is a pretty complex firewall script, and obviously
>>>somewhat hard to maintain. Maybe you would get better value for your
>>>time by using an existing firewall helper like 'firehol', or something,
>>>than re-doing the work that went into the existing t
On Sun, 03 Jul 2005 05:07:02 +0200, Daniel Pittman <[EMAIL PROTECTED]>
wrote:
I found that 'firehol' was quite a surprise to me -- not only didn't it
suck, it actually improved my hand-written firewall somewhat.
Unlike everything else, it doesn't tell you to fill in three values in a
config
Daniel Pittman <[EMAIL PROTECTED]> wrote:
> Sure, a lot of them suck. In fact, most of them *really* suck, in my
> opinion.
>
> I found that 'firehol' was quite a surprise to me -- not only didn't it
> suck, it actually improved my hand-written firewall somewhat.
Firehol still sucks: It's ba