Re: [masq] Limitation problem....

1999-02-12 Thread Lourdes A Jones
Hello again, Marc Cassuto wrote: So does that mean I have to write -I rules AND -O rules for BOTH NIC ??? It means you can write input, output and forward rules. You don't have to write them all. If you do depends on the level of security you need. The default policy (on a clean boot) is

Re: [masq] Limitation problem....

1999-02-11 Thread Marc Cassuto
Hi everybody, First I thank David [EMAIL PROTECTED] , Fuzzy [EMAIL PROTECTED] and Lourdes [EMAIL PROTECTED] for their explanations. I'm sorry for some of you, but maybe I will be a bit boring. In fact, in spite of all your explanations, all the things related to the rules -F -I -O are still not

Re: [masq] Limitation problem....

1999-02-10 Thread Fuzzy Fox
Marc Cassuto [EMAIL PROTECTED] wrote: /sbin/ipfwadm -I -a accept -b -P tcp -S 192.168.0.7/32 80 -D 0.0.0.0/0 1024:65535 That did not work much more You didn't say what you expect it to do, but if your intent is to allow traffic to reach external web servers, the rule is backwards from

Re: [masq] Limitation problem....

1999-02-10 Thread David A. Ranch
But I can't understand why we have to enable all HIGH ports for reply tcp/udp traffic. After that original email, I've updated it a little more. See below: So why all policies used are DENY ?? Hmmm.. good question! They should be reject! The reason why I didn't catch this is because

Re: [masq] [masq] Limitation problem....

1999-02-10 Thread Charles Shoemaker
. Charlie Shoemaker Subject: Re: [masq] Limitation problem But I can't understand half of the rules And this is really boring for me... Yeah.. it is pretty dry stuff. I know where you are coming from. /sbin/ipfwadm -I -a accept -b -P tcp -S 192.168.0.7/32 80 -D 0.0.0.0/0

Re: [masq] Limitation problem....

1999-02-09 Thread Marc Cassuto
Hi all and David in particular, If I try to build a strong firewall, I can't use all the port limitation that should be used with ipfwadm. This isn't a very strong ruleset. I knew, but it was only the beginning... Check out the ruleset in the TrinityOS doc and see if it will do what

Re: [masq] Limitation problem....

1999-02-09 Thread Marc Cassuto
Second hello today... David A. Ranch wrote: Check out the ruleset in the TrinityOS doc and see if it will do what you need: http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html I'm working hard on this ruleset. But I can't understand why we have to enable all HIGH ports for reply

Re: [masq] Limitation problem....

1999-02-09 Thread David A. Ranch
But I can't understand half of the rules And this is really boring for me... Yeah.. it is pretty dry stuff. I know where you are coming from. /sbin/ipfwadm -I -a accept -b -P tcp -S 192.168.0.7/32 80 -D 0.0.0.0/0 1024:65535 That did not work much more Try pulling the "-b" option

[masq] Limitation problem....

1999-02-08 Thread Marc Cassuto
Hi, I've just configured an Internet Access with the following: - linux 2.0.34 box (Slackware 3.5) - valid IP address from my ISP on eth0 - network 192.168.0.x on eth1 - all network matters well configured - no problems met with simple forwarding - BUT If I try to build a strong

Re: [masq] Limitation problem....

1999-02-08 Thread David A. Ranch
Hey Marc, I've just configured an Internet Access with the following: - linux 2.0.34 box (Slackware 3.5) Upgrade that kernel to at least 2.0.36. To be honest, I would recommend to upgrade to the 2.2.x kernels since it sounds like it's MUCH faster too. But, be warned, you'll have to convert