Hi hypoj,
If you look at the script again, the default policy for INPUT is DROP. That means when you open a web browser and type in http://search.yahoo.com/search?ei=UTF-8&fr=sfp&p=Explanation+of+ESTABLISHED%2C+RELATED+in+iptables you will see the browser just sit there without budging, or report Host not found. Why is that? Because when you go out, you have just opened a NEW connection; when search.yahoo.com replies, your iptables tells it hmmm, I'm not letting you in (iptables -P INPUT DROP). So we need a rule that lets in every connection that answers an already existing connection (ESTABLISHED) started by you, or that is a NEW connection but one answering an existing one (RELATED), also started by you.
You should read more about TCP/IP. Just reading firewall documentation won't sink in; you have to actually do it to remember and understand it better.
-Larry
http://www.nhÃmlinux.net
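The check below is an added example, not part of the thread and not the script being discussed. It reads a ruleset in iptables-save format and reports whether replies to outgoing connections can get back in under a default-DROP INPUT policy; the two sample rulesets and the function names are constructed for illustration, and only the filter table is assumed to be present.

```shell
#!/bin/sh
# Constructed samples in iptables-save format (not the script from the thread).
# INPUT defaults to DROP and nothing lets replies back in.
ruleset_replies_dropped() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
COMMIT
EOF
}

# Same policy plus the ESTABLISHED,RELATED rule the message describes.
ruleset_replies_allowed() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Reads iptables-save text on stdin and prints one verdict:
#   replies-allowed  an INPUT rule accepts both ESTABLISHED and RELATED
#   replies-dropped  INPUT policy is DROP and no such rule exists
#   policy-not-drop  INPUT policy is not DROP, so the problem does not arise
check_input_replies() {
  awk '
    /^:INPUT / { policy = $2 }
    /^-A INPUT / && /-j ACCEPT/ {
      for (i = 1; i < NF; i++)
        if ($i == "--state" || $i == "--ctstate") {
          states = "," $(i + 1) ","
          if (index(states, ",ESTABLISHED,") && index(states, ",RELATED,")) ok = 1
        }
    }
    END {
      if (policy != "DROP") print "policy-not-drop"
      else if (ok)          print "replies-allowed"
      else                  print "replies-dropped"
    }'
}

ruleset_replies_dropped | check_input_replies
ruleset_replies_allowed | check_input_replies
```

The check ignores rule order and any extra matches on the accepting rule (interface, protocol), so a "replies-allowed" verdict still deserves a look at the full rule.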
Dear sir,
I understand this part now; could you also explain this snippet:
for interface in /proc/sys/net/ipv4/conf/*/rp_filter
do
    echo 1 > $interface
done
Big thanks,
--
hypoj
Microsoft is not the answer, it is the question. The answer is NO!!!
_______________________________________________
VietLUG-users mailing list
https://lists.sourceforge.net/lists/listinfo/vietlug-users