Thanks for your discussions, I changed my script, I'm sure it is much
improved - though not anywhere as tight as Uwe's:
#!/bin/sh
# /OPT/sbin/ziptables
# /etc/init.d/local
#
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
echo 0 > /pr
On Tue, May 23, 2006 at 02:10:19PM +0200, marco.celeri wrote:
Yes, I think this allows incoming spoofed traffic to eth0 (or it is
"martian?") but the response must follow what is found in the routing table ->
lo interfaces... am I wrong?
Yes, but that doesn't necessarily help in the case of a single-pa
iptables -A INPUT -j ACCEPT -s 127.0.0.1 # local host
iptables -A OUTPUT -j ACCEPT -d 127.0.0.1
Correct me if I'm wrong, but I think this would also allow incoming
traffic from 127.0.0.1 to the eth0 interface. So somebody spoofing
his IP address to appear to be 127.0.0.1 could send
Hi,
> > iptables -A INPUT -j ACCEPT -s 127.0.0.1 # local host
> > iptables -A OUTPUT -j ACCEPT -d 127.0.0.1
>
> Correct me if I'm wrong, but I think this would also allow incoming
> traffic from 127.0.0.1 to the eth0 interface. So somebody spoofing
> his IP address to appear to be 127.0.
Hi,
You have FORWARD policy set to DROP (not by default but by rule) -> you don't
need "echo ... /ip_forward"
I don't like to log everything it drops; it can fill up a partition, and that
is not good :)
bye
> Your iptables scares me a bit, do we really have to do all that stuff
> like "echo to /
Hi,
On Mon, May 22, 2006 at 07:57:59AM -0400, George Hein wrote:
> Your iptables scares me a bit, do we really have to do all that stuff
> like "echo to /proc/sys/...". I was a TP professional many years ago
> but since the internet I have become a novice, thus running scared.
You don't really
Hi,
On Mon, May 22, 2006 at 03:16:04PM -0700, Vineet Kumar wrote:
> > echo 1 > /proc/sys/net/ipv4/ip_forward
> > echo 0 > /proc/sys/net/ipv4/ip_forward
>
> While I haven't yet gone through the actual content of the script, a
> note of style preference:
>
> Personally, I prefer using sysctl -w in
* Uwe Hermann ([EMAIL PROTECTED]) [060521 11:18]:
> echo 1 > /proc/sys/net/ipv4/ip_forward
> echo 0 > /proc/sys/net/ipv4/ip_forward
While I haven't yet gone through the actual content of the script, a
note of style preference:
Personally, I prefer using sysctl -w instead of echo > /proc/sys. I
p
Your iptables scares me a bit, do we really have to do all that stuff
like "echo to /proc/sys/...". I was a TP professional many years ago
but since the internet I have become a novice, thus running scared.
My script is simple, and perhaps too simple for some 6 PC's.
I even have FTP/20+21
Hi everyone,
this is crossposted to debian-laptop and debian-security, as I believe
it is relevant to both.
Today, I have heavily updated my (GPL'd) iptables script which I have been
using for quite a while now to secure my laptop (and various workstations).
The script is available from http://ww