On Fri 04/04/2003 at 14:06, Christian Friedl wrote:
> Nahual Guerrero <[EMAIL PROTECTED]> writes on
> Wed, 02 Apr 2003 22:55:55 +0200 (METDST):
>
>
> >>>
>
> my $iptfh = 'iptables -F';
> my $iptin = 'iptables -A INPUT -j DROP -p tcp -s ! 127.0.0.0/255.255.255.0 --destination-port';
> my $iptil = 'iptables -A INPUT -j LOG -p tcp -s ! 127.0.0.0/255.255.255.0 --destination-port';
> my $iptol = 'iptables -A OUTPUT -j LOG';
> my $iptfl = 'iptables -A FORWARD -j LOG';
>
> system ("clear");
> print "Tirando de la Cadena....\n";
>
> >>>
>
>
> Hm... well first off, it's always better to change the default
> rule of the table to REJECT

DROP would be better there because you don't need to prevent attackers
that this port is filtered.

> and only after that allow the ports you actually use. I know... it's a lot of work,
> but far more secure, and
> you learn an awful lot (like not to forget to allow nameserver connects ;-), or if
> you're doing it remotely, how to charm a malevolent sysadmin into resetting those
> darn rulesets *g*)
>
> Second... -j LOG on everything must produce incredibly large logfiles!?
> And thirdly, what does "Tirando de la Cadena" mean? :-)
>
> c

--
Pierre BETOUIN <[EMAIL PROTECTED]>
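
The advice in this thread, written out as an added example that is not code from any of the posters: a default-deny INPUT policy, only the listed TCP ports opened, and one rate-limited LOG rule instead of `-j LOG` on everything. The function names, the ports 22 and 80, the `5/min` limit and the log prefix are assumptions; the commands are printed for review rather than executed.

```shell
#!/bin/sh
# Added example (assumed names and values, not from the thread).
# Prints an iptables ruleset; review it, then pipe to `sh` as root to apply.

# valid_port PORT -> succeeds only for an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_ruleset PORT... -> prints the commands, or nothing if any port is bad
build_ruleset() {
    # Validate everything first so a typo never yields a partial ruleset.
    for port in "$@"; do
        valid_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    done

    echo "iptables -F"
    # Loopback and replies to connections this host opened (this is what
    # lets nameserver answers back in).
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Only the services actually offered.
    for port in "$@"; do
        echo "iptables -A INPUT -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    # Log what is about to be dropped, rate-limited to keep logfiles bounded.
    echo "iptables -A INPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix 'INPUT drop: '"
    # Policies go last so a remote session is already covered by the
    # ESTABLISHED rule when the default flips to DROP. A chain policy can
    # only be ACCEPT or DROP; REJECT would need a final rule instead.
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
}

build_ruleset 22 80
```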
