RE: [techtalk] Default Deny

2000-01-27 Thread Wendt,Andrew
On Thu, 27 Jan 2000, Brian Engle wrote: >there are several different arguments for and against stateful(REJECT) and >stateless(DENY) firewalls, and many other mailing lists used to >debate which is better/worse and why. The response returned by the firewall doesn't relate to whet

Re: [techtalk] Default Deny

2000-01-27 Thread Andre Pang
On Fri, Jan 28, 2000 at 07:32:07AM +1300, Jamie Walker wrote: > > ipchains -A input -i ppp0 -p UDP -s I.S.P.NS -d $LOCALIP 53 -j ACCEPT > > ipchains -A input -i ppp0 -p UDP -s I.S.P.NS1 -d $LOCALIP 53 -j ACCEPT > > These two rules are both assuming that DNS requests are going out

RE: [techtalk] Default Deny

2000-01-27 Thread Brian Engle
I figured I wasn't quite on target with that description, I just couldn't think of a way to phrase it there are several different arguments for and against stateful(REJECT) and stateless(DENY) firewalls, and many other mailing lists used to debate which is better/worse and why

Re: [techtalk] Default Deny

2000-01-27 Thread Jamie Walker
Brian Engle wrote: > REJECT is a little different than DENY in that rejecting it just looks at > the originating IP, sees if it's allowed, if not, connection closed...if > telnet traffic is rejected and someone tries to telnet, the client almost > immediately sends the message "Connection Refused

RE: [techtalk] Default Deny

2000-01-27 Thread Brian Engle
/ppp/ip-up so that it re-executes with your new external IP (if you get dynamic IP assigned by your ISP)...I can't give it a high enough review. Brian > -Original Message- > From: Subba Rao [mailto:[EMAIL PROTECTED]] > Sent: Thursday, January 27, 2000 11:52 AM > To: [

Re: [techtalk] Default Deny

2000-01-27 Thread Jamie Walker
Subba Rao wrote: > I cannot go out to the Web nor resolve any DNS names. Mail will not go out. > My system does have a small DNS which forwards requests to my ISP's nameserver. > Nothing really works. [snip] > ipchains -A input -i ppp0 -p UDP -s I.S.P.NS -d $LOCALIP 53 -j ACCEPT >

[techtalk] Default Deny

2000-01-27 Thread Subba Rao
Hi, I have been using ipchains for a while and am fairly comfortable with them. Now my filtering needs are growing and becoming more specific. So, I decided to impose the DENY policy as the default on the "input" chain (for the external interface). After I DENY everything at first and try to im