On Fri, Feb 21, 2003 at 02:21:10AM -0800, Paul Johnson wrote: > On Thu, Feb 20, 2003 at 11:45:33AM -0600, Nathan E Norman wrote: > > gibraltar is not what you want. Install the "ipmasq" package. > > Well, if we're talking only a single computer altogether, then making > sure you don't have any services that aren't being used installed, and > make sure the ones that are being used are both properly configured > and patched in an intelligent manner should really cover your bases. > If it's a home box with no services to the outside world, you can > pretty much remove all services but the MTA, reconfigure the MTA to > not listen outside of localhost and learn a little iptables to close > everything off that isn't originating from the box or related to an > existing connection.
Agreed. However, the script this guy posted indicated he was doing NAT (though it's still not clear to me that it's needed :-) which is why I mentioned the ipmasq package. It's not perfect but IMO it's a good starting point for newbies. -- Nathan Norman - Incanus Networking mailto:[EMAIL PROTECTED] People demand freedom of speech to make up for the freedom of thought which they avoid. -- Soren Aabye Kierkegaard
pgp00000.pgp
Description: PGP signature
