On Fri, Dec 28, 2012 at 01:07:11AM -0500, Michael Orlitzky wrote:
> On 12/27/2012 10:59 PM, Walter Dnes wrote:
> >
> > Here's my revised "Paranoia Plus" ruleset. Any comments? Because I'm
> > behind a NAT-ing ADSL router/modem, many of my rules rarely see hits.
> > However, I do have a backup dialup connection in case of problems, so
> > most of my rules don't specify the network interface. A couple of
> > notes...
> >
>
> I did a bunch of inline comments below as I was trying to understand the
> rules. At the end I give the tl;dr, but maybe the inline comments are
> useful too.
Thanks. My ruleset has accumulated years of cruft. I should really sit down and rewrite the thing from square 1. I have one comment. You show what appears to be a bash script for setting up the rules. I work with the contents of file /var/lib/iptables/rules-save instead.

--
Walter Dnes <waltd...@waltdnes.org>
I don't run "desktop environments"; I run useful applications