On Sun, Dec 15, 2002 at 07:15:25PM -0800, Torrin wrote:
I'll also add connection tracking in my iptables script. Is
there anything I can do in my ipchains script?
did you ever look at the SuSEfirewall{,2} scripts by marc heuse?
GPL, will work with any distro, maybe small changes where to
I am using the v1 scripts on Debian 3.0r0. IIRC, I had to change one
directory in the INSTALL script. SuSE puts the symlinks in
/etc/init.d/rcX.d and Debian puts them in /etc/rcX.d/. Edit the
script before running it. I like it because it works at the policy
level of Internet, DMZ, and
* Quoting andrew lattis ([EMAIL PROTECTED]):
#connections to lo
$iptables -A OUTPUT -p ALL -o $lo_iface -s $lo_ip -j ACCEPT
#allow the rest
$iptables -A OUTPUT -p ALL -o $eth_iface -s $eth_ip -j ACCEPT
#log the rest
$iptables -A OUTPUT -m limit --limit $log_limit --limit-burst
* Torrin ([EMAIL PROTECTED]) [021215 19:21]:
Nicolas Boullis wrote:
* Torrin ([EMAIL PROTECTED]):
iptables -A INPUT -i eth0 -j ACCEPT -p TCP -s 0.0.0.0/0 --source-port domain #53
iptables -A INPUT -i eth0 -j ACCEPT -p UDP -s 0.0.0.0/0 --source-port domain #53
Hey! I'm a nice port,
I changed the subject and started a new thread here. Anyway . . .
Nicolas Boullis wrote:
You should add the rule:
$IPTABLES -A INPUT -j ACCEPT -i eth0 -m state --state ESTABLISHED,RELATED
Thanks, those rules that I gave as an example are from my workstation which
has 2.4 kernel installed. I
On 2002/12/15 07:15:25PM -0800, Sun, Torrin wrote:
I changed the subject and started a new thread here. Anyway . . .
# Drop spoofed packets
iptables -A INPUT -i eth0 -j DROP -s 192.168.1.3 -d 0.0.0.0/0
What about outgoing spoofed packets? They didn't get dropped in this script at all.