> Yes. It's a protocol which allows a system to ask a system with which
> it has a TCP connection to give it some information about who's on the
> other end of that connection. This is useful for auditing purposes,
> although you can only trust the information as much as you can trust the
> remo
On Fri, 3 Sep 1999, Mario Olimpio de Menezes wrote:
> accordingly to the man page (ipchains(8)):
>
> --destination-port [!] [port[:port]]
> This allows separate specifiction of the ports.
> See the description of the -s flag for details.
> The f
On Fri, 3 Sep 1999, Mark Brown wrote:
>
> > Unfortunately, ipchains does not like --dport:
>
> The option is --destination-port.
>
accordingly to the man page (ipchains(8)):
--destination-port [!] [port[:port]]
This allows separate specifiction of the ports.
S
On Thu, Sep 02, 1999 at 10:53:49AM -0700, Patrick Olson wrote:
> > Make sure you're allowing ident connections. Even if you don't answer
> > them, you want to refuse connections rather than dropping the packets.
> > Some systems will timeout the connection attempt.
> I'm a little confused here,
On Thu, Sep 02, 1999 at 10:55:56AM -0700, Patrick Olson wrote:
> > if you use dhcp for anything, you must enable source/destination for
> > 255.255.255.255 as well as the routes for this. This caught me some time
> > ago :(
> I don't think I use dhcp, but I'm not really sure about PPP. When usin
> > I have the following specific questions:
> > 1. Have I made any mistakes that could cause really annoying problems?
> >(perhaps unintentionally blocking something that shouldn't be blocked)
>
> if you use dhcp for anything, you must enable source/destination for
> 255.255.255.255 as well
> > if you use dhcp for anything, you must enable source/destination for
> > 255.255.255.255 as well as the routes for this. This caught me some time
> > ago :(
>
> Make sure you're allowing ident connections. Even if you don't answer
> them, you want to refuse connections rather than dropping t
On Thu, Sep 02, 1999 at 09:48:01AM -0300, Mario Olimpio de Menezes wrote:
> On Wed, 1 Sep 1999, Patrick Olson wrote:
> > I have the following specific questions:
> > 1. Have I made any mistakes that could cause really annoying problems?
> >(perhaps unintentionally blocking something that shoul
On Wed, 1 Sep 1999, Patrick Olson wrote:
>
>
> I am thinking of using IP chains to tighten security a little on my Debian
> 2.1 box. Currently, I have it set up as follows:
>
> ipchains -P forward DENY
> ipchains -A forward -s 192.168.1.9/255.255.255.255 -j MASQ
>
> Below is a much more invol
I am thinking of using IP chains to tighten security a little on my Debian
2.1 box. Currently, I have it set up as follows:
ipchains -P forward DENY
ipchains -A forward -s 192.168.1.9/255.255.255.255 -j MASQ
Below is a much more involved setup I created based on the information in
the HOW-TO. T
10 matches
Mail list logo