Re:firewall troubleshooting

2005-07-05 Thread KC
Apologies for wrong subject line :) KC wrote: > Hi, I have posted my first firewall script previously.. this is basically > the same script but it is optimized.. > > > #! /bin/bash > > #modprobe ip_conntrack_FTP > > ### SYMBOLIC CONSTANTS ### > > CONNECTION_TRACKING="1" > DHCP_CLIENT="1" >

Re: browser problem from inside firewall

2005-07-05 Thread KC
Hi, I have posted my first firewall script previously.. this is basically the same script but it is optimized.. #! /bin/bash #modprobe ip_conntrack_FTP ### SYMBOLIC CONSTANTS ### CONNECTION_TRACKING="1" DHCP_CLIENT="1" INTERNET="eth1" LOOPBACK_INTERFACE="lo" IPADDR=`ifconfig eth0|awk '/inet/{p

Ferie / Vacation

2005-07-05 Thread Christensen, TypoConsult
Ferie / Vacation Jeg er på ferie frem til mandag den 18. juli. Din mail vil ikke blive læst før. Ved hastesager: Kontakt Sune Vestergaard([EMAIL PROTECTED]) eller Thomas Lorenzen ([EMAIL PROTECTED]). I'm on vacation until monday 18th of July. Your e-mail will not be read before that. On urgen

cvs 1.11.1p1debian-11 is in wrong distribution

2005-07-05 Thread Peter Lundkvist
cvs 1.11.1p1debian-11 seems to be in the wrong distribution: should be in woody-security (oldstable) but is in sarge-security. /peter

Re: /dev/log

2005-07-05 Thread Ian Eure
On Tuesday 05 July 2005 12:01 pm, michael wrote: > I saw the following in my 'tiger' output > --FAIL-- [dev002f] /dev/log has world permissions > > which is indeed true: > > $ file /dev/log > /dev/log: socket > $ ls -lt /dev/log > srw-rw-rw- 1 root root 0 2005-06-28 13:28 /dev/log > > but I c

/dev/log

2005-07-05 Thread michael
I saw the following in my 'tiger' output --FAIL-- [dev002f] /dev/log has world permissions which is indeed true: $ file /dev/log /dev/log: socket $ ls -lt /dev/log srw-rw-rw- 1 root root 0 2005-06-28 13:28 /dev/log but I cannot find a manual page etc that tells me what this socket is for o

Re: Firewall-troubleshooting

2005-07-05 Thread Stefan Fritsch
Hi! On Tuesday 05 July 2005 14:00, Daniel Pittman wrote: > /sbin/iptables -t filter -A in_world_http_s1 -p tcp --sport 1024:65535 > --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT > /sbin/iptables -t filter -A out_world_http_s1 -p tcp --sport 80 --dport > 1024:65535 -m state --state ESTABL

Re: Firewall-troubleshooting

2005-07-05 Thread Eloi Granado
On Tuesday, 5 de July de 2005 14:11, Michael Stone wrote: > On Tue, Jul 05, 2005 at 10:00:53PM +1000, Daniel Pittman wrote: > >/sbin/iptables -t filter -A in_world_http_s1 -p tcp --sport 1024:65535 > > --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT /sbin/iptables -t > > filter -A out_world_h

Re: Firewall-troubleshooting

2005-07-05 Thread Raffaele D'Elia
Michael Stone wrote: On Tue, Jul 05, 2005 at 11:57:37PM +1000, Daniel Pittman wrote: As to trusting the firewall, or not, there has been at least one bug where attackers could manipulate the content of the conntrack expect table remotely. Other bugs, local or remote, are not out of the questi

Re: Firewall-troubleshooting

2005-07-05 Thread Michael Stone
On Tue, Jul 05, 2005 at 11:57:37PM +1000, Daniel Pittman wrote: As to trusting the firewall, or not, there has been at least one bug where attackers could manipulate the content of the conntrack expect table remotely. Other bugs, local or remote, are not out of the question. No they're not. Bu

Re: Firewall-troubleshooting

2005-07-05 Thread Daniel Pittman
On 5 Jul 2005, Michael Stone wrote: > On Tue, Jul 05, 2005 at 10:00:53PM +1000, Daniel Pittman wrote: >> /sbin/iptables -t filter -A in_world_http_s1 -p tcp --sport 1024:65535 >> --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT /sbin/iptables >> -t filter -A out_world_http_s1 -p tcp --sport 80

Re: Firewall-troubleshooting

2005-07-05 Thread Michael Stone
On Tue, Jul 05, 2005 at 10:00:53PM +1000, Daniel Pittman wrote: /sbin/iptables -t filter -A in_world_http_s1 -p tcp --sport 1024:65535 --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT /sbin/iptables -t filter -A out_world_http_s1 -p tcp --sport 80 --dport 1024:65535 -m state --state ESTABLIS

Re: Firewall-troubleshooting

2005-07-05 Thread Daniel Pittman
On 5 Jul 2005, Paul Gear wrote: > Daniel Pittman wrote: >> ... >>> So, probably, the best way to go is allowing the R/E packets alongside their >>> "new state" counterparts. It also clarifies where the packets are accepted >>> and WHY. Also, "iptables -v" should be a lot more useful than before. >

Re: Firewall-troubleshooting

2005-07-05 Thread Paul Gear
Daniel Pittman wrote: > ... >>So, probably, the best way to go is allowing the R/E packets alongside their >>"new state" counterparts. It also clarifies where the packets are accepted >>and WHY. Also, "iptables -v" should be a lot more useful than before. > > > That was my point, basically. Than