Franck Joncourt wrote:
> I do not think the same way you do. If you are not running any servers,
> except ssh

I never said that. I said that ssh is the only port forwarded from the firewall to the machine. The machine is used internally for various services (intranet, CVS, DHCP, and a few others).

Hmmmm... does that mean I should really set up two machines, one in a DMZ for my ssh services, and the other for my internal services?

> ? I control traffic for the OUTPUT chain to prevent some backdoors, if
> there is one, from causing damages to my computer by bypassing normal
> authentication.

I think I see where you're coming from. I should set up my input and output chains to deny everything by default, and explicitly allow outgoing connections on whatever services the machine needs or provides. Is that what you're getting at?

> If you want to read more about iptables :
>
> http://iptables-tutorial.frozentux.net/iptables-tutorial.html

Thanks for the tip.

--
Jim Hyslop
Dreampossible: Better software. Simply. http://www.dreampossible.ca
Consulting * Mentoring * Training in
C/C++ * OOD * SW Development & Practices * Version Management
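
The default-deny policy discussed in this message, as an added example that is not part of the original thread: a shell function that emits an `iptables-restore` ruleset with DROP policies on INPUT, FORWARD and OUTPUT plus explicit allow rules. The LAN range, the port numbers chosen for the intranet and CVS services, and the outbound allow-list are assumptions.

```shell
#!/bin/sh
# Added example: emit a default-deny ruleset in iptables-restore format.
# All values below are assumptions, not taken from the thread.
LAN="192.168.1.0/24"   # constructed internal range
LAN_TCP="80 2401"      # intranet HTTP and CVS pserver, reachable from LAN only
OUT_TCP="53 80 443"    # assumed outbound needs: DNS, package updates
OUT_UDP="53 123"       # assumed outbound needs: DNS, NTP

gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Replies belonging to connections already allowed in either direction
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# ssh: the one port forwarded from the firewall
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# DHCP server: client requests in, server replies out
-A INPUT -p udp --sport 68 --dport 67 -j ACCEPT
-A OUTPUT -p udp --sport 67 --dport 68 -j ACCEPT
EOF
    for p in $LAN_TCP; do
        echo "-A INPUT -s $LAN -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    for p in $OUT_TCP; do
        echo "-A OUTPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    for p in $OUT_UDP; do
        echo "-A OUTPUT -p udp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Any other new outbound traffic is logged, then falls to the DROP policy
    echo '-A OUTPUT -m limit --limit 6/min -j LOG --log-prefix "OUT-DROP: "'
    echo 'COMMIT'
}

# Number of rules that permit NEW outbound connections (the allow-list size)
count_out_allows() { gen_rules | grep -c '^-A OUTPUT .*--ctstate NEW'; }
```

Check the output with `gen_rules | iptables-restore --test` before loading it. The LOG rule records outbound connection attempts that fall outside the allow-list.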