>/sbin/ipchains -P forward MASQ
>/sbin/ipchains -A forward -s 192.9.200.0/24 -d 0.0.0.0/0
>/sbin/insmod /lib/modules/2.2.0/ipv4/ip_masq_ftp.o
>
>it seems to work, but is there a security risk? i notice
>that most people seem to use /sbin/ipchains -P forward DENY
>instead of MASQ, but when i do that, nothing seems to get
>through.
A ruleset like this will work fine but its far from strong
enough to protect you from some of the losers on the Internet.
Though I don't have a IPCHAINS ruleset completed yet, check
out my TrinityOS doc. There is a LOT more to securing a Linux
box beyond just a firewall ruleset. I do hope to have a
IPCHAINS ruleset available in a few days!
http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html
--David
.----------------------------------------------------------------------------.
| David A. Ranch - Linux/Networking/PC hardware [EMAIL PROTECTED] |
!---- ----!
`----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]