On Thu, 27 Jan 2000, Brian Engle wrote:
>there are several different arguments for and against stateful (REJECT) and
>stateless (DENY) firewalls, and many other mailing lists used to
>debate which is better/worse and why.
The response returned by the firewall doesn't relate to whet
On Fri, Jan 28, 2000 at 07:32:07AM +1300, Jamie Walker wrote:
> > ipchains -A input -i ppp0 -p UDP -s I.S.P.NS -d $LOCALIP 53 -j ACCEPT
> > ipchains -A input -i ppp0 -p UDP -s I.S.P.NS1 -d $LOCALIP 53 -j ACCEPT
>
> These two rules are both assuming that DNS requests are going out
I figured I wasn't quite on target with that description, I just couldn't
think of a way to phrase it
there are several different arguments for and against stateful (REJECT) and
stateless (DENY) firewalls, and many other mailing lists used to
debate which is better/worse and why
Brian Engle wrote:
> REJECT is a little different than DENY in that rejecting it just looks at
> the originating IP, sees if it's allowed, if not, connection closed...if
> telnet traffic is rejected and someone tries to telnet, the client almost
> immediately sends the message "Connection Refused
/ppp/ip-up so that it re-executes
with your new external IP (if you get dynamic IP assigned by your ISP)...I
can't give it a high enough review.
Brian
> -Original Message-
> From: Subba Rao [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, January 27, 2000 11:52 AM
> To: [
Subba Rao wrote:
> I cannot go out to the Web nor resolve any DNS names. Mail will not go out.
> My system does have a small DNS which forwards requests to my ISP's nameserver.
> Nothing really works.
[snip]
> ipchains -A input -i ppp0 -p UDP -s I.S.P.NS -d $LOCALIP 53 -j ACCEPT
>
Hi,
I have been using ipchains for a while and am fairly comfortable with them.
Now my filtering needs are growing and becoming more specific. So, I decided
to impose the DENY policy as the default on the "input" chain (for the external
interface). After I DENY everything at first and try to im