In article <[EMAIL PROTECTED]>
[EMAIL PROTECTED] writes:
>Am Donnerstag, 10. Juli 2003 22:18 schrieb Blars Blarson:
>> iptables -A INPUT -p tcp --dport 80 -s ! 127.0.0.1 -j DROP
>...dropping anything tcp on port 80 but from 127.0.0.1 ?
Yes.
>Somehow I get confused - what port is used to connect to LAN via eth0 ?
Port 80 is the http. Interface eth0 would be -i eth0 for input,
-o eth0 for output.
You realy need to read some iptables documentation before using it.
>If apache is started by inetd over tcpd, would it be be enough to configure
>/etc/hosts.allow and deny ?
Probably. I have more experience with iptables.
>Though i really like commands more than that - is there a usable linux GUI ?
Not that I know of. Most attempts try to make things easy for the
user by omitting many needed features.
My boss would like to see one. He can't understand why I prefer
editing control files to hunting through the many levels of menus it
would take to do the same thing. Let me know if you find something
that can handle all the iptables options, and lets me do what I can
controling the details of interface configuration and routing with the
ip command. (ifconfig and route make assumptions that arn't always
true.)
>I mean, for a whole suite of security configurations.
>( i know linuxconfig, but this is not very security-specific.
linuxconfig as used on redhat is very broken. If any program on
Debian trounced my config files like that I'd be filing serious bugs.
>( I shall lookup webmin, i guess)
--
Blars Blarson [EMAIL PROTECTED]
http://www.blars.org/blars.html
"Text is a way we cheat time." -- Patrick Nielsen Hayden
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
