On Sat, Jul 02, 2005 at 04:46:29PM -0400, KC wrote:
> I need help understanding what goes wrong in this script. I cannot ping
> anyone and cannot resolve as well. In fact I believe the only thing I can
> get is an IP address from my ISP's DHCP server.

There's no way I'm going to read through all of that and try to understand
it. Perhaps you'd be better off starting with a smaller firewall script and
then adding to it as you need?

One thing did stand out though: you don't allow outgoing connections
generally. These lines:

> iptables --policy OUTPUT DROP
> iptables -t nat --policy OUTPUT DROP
> iptables -t mangle --policy OUTPUT DROP

They seem to say "no output except that which is explicitly allowed". For a
big network I too would restrict outgoing connections, but for a home
machine with only trusted hosts? It's an additional complication which
doesn't gain you much. (Sure, if you had a trojan which phoned home, or
tried to compromise other hosts, it would help. But in general it is less
useful than it appears.)

Steve

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
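A small firewall script of the kind the reply suggests starting from, added here as an example and not code from either poster. It assumes a hypothetical upstream interface name WAN (defaulting to eth0) and a host that gets its address by DHCP; called with 1 it shows the extra OUTPUT rules a default-deny outbound policy needs for DNS, DHCP and ping, which is the traffic KC reports failing. DRY_RUN=1 prints the iptables commands instead of running them.

```shell
#!/bin/sh
# Minimal host firewall. Added example, not the original poster's script.
# Assumes: upstream interface $WAN (hypothetical default eth0), DHCP client host.
# DRY_RUN=1 echoes the commands so the ruleset can be reviewed without root.
WAN="${WAN:-eth0}"
DRY_RUN="${DRY_RUN:-0}"

ipt() {
    if [ "$DRY_RUN" = "1" ]; then echo "iptables $*"; else iptables "$@"; fi
}

# $1 = 1 for a default-deny OUTPUT chain, 0 (the reply's advice) to allow all outgoing.
minimal_firewall() {
    restrict="${1:-0}"
    ipt -F
    ipt -X
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -A INPUT -i lo -j ACCEPT
    # Replies to connections this host opened (DNS answers, ping replies, web pages).
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # DHCP offers/acks from the ISP arrive as UDP 67 -> 68; allow them explicitly.
    ipt -A INPUT -i "$WAN" -p udp --sport 67 --dport 68 -j ACCEPT
    # Log a sample of what INPUT drops so symptoms like "cannot ping" are diagnosable.
    ipt -A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "
    if [ "$restrict" = "1" ]; then
        # Default-deny outgoing: anything not listed here (DNS, DHCP, ICMP, ...)
        # silently fails, which matches the symptoms described in the thread.
        ipt -P OUTPUT DROP
        ipt -A OUTPUT -o lo -j ACCEPT
        ipt -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
        ipt -A OUTPUT -o "$WAN" -p udp --sport 68 --dport 67 -j ACCEPT   # DHCP client
        ipt -A OUTPUT -p udp --dport 53 -j ACCEPT                        # DNS
        ipt -A OUTPUT -p tcp --dport 53 -j ACCEPT                        # DNS over TCP
        ipt -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT         # ping
        ipt -A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "fw-out-drop: "
    else
        # Trusted home machine: let it talk out freely, as the reply recommends.
        ipt -P OUTPUT ACCEPT
    fi
}

# Apply only when explicitly asked, e.g.  FW_APPLY=1 RESTRICT_OUTPUT=1 sh fw.sh
if [ "${FW_APPLY:-0}" = "1" ]; then
    minimal_firewall "${RESTRICT_OUTPUT:-0}"
fi
```

Run with `DRY_RUN=1 FW_APPLY=1 RESTRICT_OUTPUT=1 sh fw.sh` to see the full rule list before applying it; dropped packets then show up in the kernel log with the `fw-drop:` / `fw-out-drop:` prefixes.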