On Thu, 7 Aug 2003, Malcolm Ferguson wrote:

> If I understand what I've just read from a Google search, TCP is used
> when the data exceeds 512 bytes (or as you say, for zone transfers). Is
> this always to TCP port 53 on the server, or can the server indicate an
> alternative port in its initial UDP response?

Always 53.

> What is $EPHEMERAL_PORTS defined as? "1024:" or "1024:65535" perhaps?

The latter.

> What is $IP defined as? I presume the IP address of the name server.

Yep. Actually it is only one IP from a list of 'em. That way I can say
something like DNS_SERVERS="ip1 ip2 ip3"

> This might be a dumb question

There is no such question as a dumb question. ;-) There are people who
don't read before asking a question, but your question is a very
reasonable one.

> as I've only just started reading about
> stateful packet filtering this morning... is there a reason why you
> don't use the connection tracking for INPUT chain?

This snippet was not the full monty. If you want to see the full script go to
http://huizen.dto.tudelft.nl/devries/security/iptables_example.nl.html
for an explanation and to
http://huizen.dto.tudelft.nl/devries/files/iptables_files.tar.gz
for the archive. Currently there's only a Dutch explanation available,
but I am translating it into English for another reader of the debian
lists. I expect to have it available this weekend. I'll post the new
link then. 'Til then you should be able to figure things out from the
shell scripts in the archive.

> This might be another dumb question, but how do I tell if the connection
> tracking module isn't loaded? How is this configured, enabled,
> disabled, etc?

lsmod should give ip_conntrack in its listing.

Please refer to the URLs given above for the full code. It is
well-commented so you shouldn't have any trouble using that as an example.

Grx HdV

P.S. I am on the list so you can reply to the list only and I'll see your
messages. If I can I'll try to answer them (sometimes I am a bit short on
time though...)
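A worked illustration of the rules discussed in this exchange, added here as an example and not the script from HdV's archive: stateful iptables rules for a DNS client host, where only the listed servers are reachable on UDP and TCP port 53 from ephemeral source ports and every reply comes back through connection tracking on INPUT. DNS_SERVERS, EPHEMERAL_PORTS and IPT are assumed variable names, and the server addresses are constructed sample values.

```shell
#!/bin/sh
# Added example (not the thread's own script): stateful iptables rules
# for a DNS client. Queries go to UDP *and* TCP port 53 (TCP is needed
# for answers over 512 bytes and zone transfers), always from the
# ephemeral port range, and only to the configured servers. Replies need
# no per-port INPUT rules at all: conntrack lets them back in as
# ESTABLISHED. DNS_SERVERS, EPHEMERAL_PORTS and IPT are assumed names.
# IPT defaults to "echo iptables" so the rules are printed, not applied;
# run with IPT=iptables as root to apply them.

DNS_SERVERS="${DNS_SERVERS:-192.0.2.53 198.51.100.53}"   # constructed sample servers
EPHEMERAL_PORTS="${EPHEMERAL_PORTS:-1024:65535}"
IPT="${IPT:-echo iptables}"

# Outbound rules for one server: one UDP and one TCP rule, restricted to
# an ephemeral source port and to state NEW (first packet) or ESTABLISHED.
dns_rules_for() {
    ip="$1"
    for proto in udp tcp; do
        $IPT -A OUTPUT -p "$proto" -d "$ip" --dport 53 \
             --sport "$EPHEMERAL_PORTS" -m state --state NEW,ESTABLISHED -j ACCEPT
    done
}

# Full rule set: a single conntrack rule on INPUT covers the replies to
# every allowed query, then one pair of OUTPUT rules per server.
dns_rules() {
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    for ip in $DNS_SERVERS; do
        dns_rules_for "$ip"
    done
}

# Sanity check from the thread: is the connection tracking module loaded?
# (ip_conntrack on 2.4-era kernels as discussed; nf_conntrack on current ones.)
conntrack_loaded() {
    lsmod 2>/dev/null | grep -Eq '^(ip_conntrack|nf_conntrack)[[:space:]]'
}

dns_rules
```

The printed rules can be diffed against `iptables -S` after applying them to confirm nothing else on INPUT accepts port 53 traffic.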