On February 2, 2003 07:15 pm, Michael Schwendt wrote:
> Yes. And reply packets are not covered at all by that rule. And
> without knowing the complete set of rules, one cannot comment on
> this single rule anyway. The output of ipchains-save would be the
> least I would like to see. Btw, opening all privileged ports when
> in fact you want *just* active/passive FTP (ports ftp and ftp-data)
> is a strange approach, too.

michael is right.  typically you want to be way more nazi-esque with your 
firewall rules.  first, you should set your policy to REJECT for your input, 
output AND forward chains.  then you'd explicitly ACCEPT input on certain 
ports.

if you want to do it right (and you really should) pick up a copy of a good 
book on firewalling.  if you're interested in iptables, i suggest "linux 
firewalls" by robert l. ziegler (new riders).  the book is written from a 
redhat perspective too.  if you dig ipchains, i believe that o'reilly has a 
book on firewalls as well.

have a lot of fun ;-)

-- 
the reasonable man adapts himself to the world;
the unreasonable man persists in trying to adapt the world to himself.
therefore, all progress depends on the unreasonable man.
        - george bernard shaw



-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
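As an added illustration of the two points made in this thread (default REJECT policy on input, output and forward with explicit ACCEPTs, and the reply-packet and "all privileged ports" problems Michael raises), here is an ipchains rule set written for this note; it is not code from either poster. It defaults to `IPCHAINS="echo ipchains"` so it only prints the commands it would run, and `FTP_PASV_RANGE` is an assumed value that has to match whatever passive port range the ftpd is actually configured with.

```shell
#!/bin/sh
# Added example, not from the list post.  IPCHAINS defaults to "echo ipchains",
# so running this prints the rule set instead of loading it; on a 2.2-kernel
# box set IPCHAINS=ipchains to apply it.  FTP_PASV_RANGE is an assumed value
# that must match the passive port range the ftpd is configured to use.
IPCHAINS="${IPCHAINS:-echo ipchains}"
FTP_PASV_RANGE="${FTP_PASV_RANGE:-50000:50100}"

# The approach Michael objects to: one rule that opens every privileged port
# (far more than ftp and ftp-data) and still says nothing about reply packets.
loose_input_rules() {
    $IPCHAINS -A input -p tcp --dport 1:1023 -j ACCEPT
}

# The approach the post recommends: policy REJECT on input, output AND forward,
# then explicit ACCEPTs for exactly the traffic this host is meant to handle.
tight_rules() {
    $IPCHAINS -F input
    $IPCHAINS -F output
    $IPCHAINS -F forward
    $IPCHAINS -P input REJECT
    $IPCHAINS -P output REJECT
    $IPCHAINS -P forward REJECT

    # Loopback traffic never leaves the box; let it through in both directions.
    $IPCHAINS -A input -i lo -j ACCEPT
    $IPCHAINS -A output -i lo -j ACCEPT

    # FTP control channel: clients may open new connections (SYN) to port ftp.
    $IPCHAINS -A input -p tcp --dport ftp -j ACCEPT
    # Passive FTP: the client also opens the data connection, to a high port the
    # server chose.  Only the configured passive range is accepted, not every
    # high port and certainly not every privileged one.
    $IPCHAINS -A input -p tcp --dport "$FTP_PASV_RANGE" -j ACCEPT

    # ipchains has no connection tracking, so reply packets must be matched
    # statelessly: accept TCP that is not a SYN (! -y).  This is what a lone
    # "open port X" rule leaves out.  Caveat: any non-SYN segment passes, so this
    # is weaker than a stateful filter and should be paired with logging below.
    $IPCHAINS -A input -p tcp ! -y -j ACCEPT

    # Output: active-mode data connections are opened by the server itself from
    # port ftp-data to the client, so those SYNs must be allowed explicitly.
    $IPCHAINS -A output -p tcp --sport ftp-data -j ACCEPT
    # Everything else this host sends on TCP must be a reply (non-SYN); anything
    # further the box needs to initiate is added deliberately, not by widening
    # the policy.
    $IPCHAINS -A output -p tcp ! -y -j ACCEPT

    # Log what falls through to the policy so the ipchains-save output can be
    # read next to real traffic when a rule set is being debugged.
    $IPCHAINS -A input -l -j REJECT
}

# Print both rule sets when run directly, loose first so the difference is visible.
if [ "${1:-}" = "show" ]; then
    loose_input_rules
    echo '---'
    tight_rules
fi
```

Run with `sh script.sh show` to print both rule sets side by side; with `IPCHAINS=ipchains` the `tight_rules` function loads the rule set for real. The `! -y` rules are the stateless stand-in for "established" that ipchains forces on you; that limitation is one reason the post points at iptables and a proper book on the subject.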
