Hi all and David in particular,
> >If I try to build a strong firewall,
> >I can't use all the port limitation that should
> >be used with ipfwadm.
> This isn't a very strong ruleset.
I knew, but it was only the beginning...
> Check out the
> ruleset in the TrinityOS doc and see if it will do
> what you need:
> http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html
In fact, I already knew this link,
but first I'd like to do something I understand.
And effectively the Trinity ruleset works!!!
But I can't understand half of the rules....
And this is really boring for me...
> >#/sbin/ipfwadm -F -a accept -b -P tcp -S 192.168.0.7/32 80 -D 0.0.0.0/0 1024:65535
> >###### BUT THIS DOESN'T WORK !!!
> >###### AND THIS IS EXACTLY THE LINE I FOUND IN THE HOWTO !!!
> No... you are specifying FORWARDING here. That should be:
>
> /sbin/ipfwadm -I -a accept -b -P tcp -S 192.168.0.7/32 80 -D 0.0.0.0/0 1024:65535
That did not work much more....
> But.. This is kinda messed up if you want this rule to allow
> WWW browsing on the Internet. This rule is saying you are going
> to originate port 80 traffic to the Internet. This isn't
> how WWW works unless you are running a WWW server. Your
> DESTINATION should be port 80 for normal surfing.
Hummmm... Where can I find a doc about
the difference between the different lists,
and in particular -F, -I and -O?
Or can you explain to us (for all masq readers) clearly what their
aim is???
The Ip-masquerading mini howto is a bit heavy about this...
> Learning firewall rulesets takes a while. I recommend that
> you use the TrinityOS doc as a template and open it up
> as you need. As it stands, it's VERY restrictive. :)
But it does not make a lot of things explicit...
A big thank you David,
sincerely,
Marc CAssuto.
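
The source-port versus destination-port point from the quoted reply, as an added example that is not part of the original message: a simplified Python model (not ipfwadm's own matching code) of a rule with `-S addr port -D addr port` and `-b`. It ignores chains, interfaces and protocol, and the remote address 203.0.113.10 and all sample packets are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src_net: str
    src_ports: tuple             # inclusive (low, high), as after -S addr
    dst_net: str
    dst_ports: tuple             # inclusive (low, high), as after -D addr
    bidirectional: bool = False  # models ipfwadm's -b

def _side(addr, port, net, ports):
    """True if addr:port falls inside the given network and port range."""
    in_net = ipaddress.ip_address(addr) in ipaddress.ip_network(net)
    return in_net and ports[0] <= port <= ports[1]

def matches(rule, src, sport, dst, dport):
    """Match a packet as written, or with src/dst swapped when -b is set."""
    forward = (_side(src, sport, rule.src_net, rule.src_ports)
               and _side(dst, dport, rule.dst_net, rule.dst_ports))
    reverse = (rule.bidirectional
               and _side(dst, dport, rule.src_net, rule.src_ports)
               and _side(src, sport, rule.dst_net, rule.dst_ports))
    return forward or reverse

HIGH, WWW = (1024, 65535), (80, 80)

# Address and port part of the rule as posted: source port 80.
POSTED = Rule("192.168.0.7/32", WWW, "0.0.0.0/0", HIGH, bidirectional=True)
# Constructed variant with the ports swapped so the DESTINATION is port 80.
BROWSING = Rule("192.168.0.7/32", HIGH, "0.0.0.0/0", WWW, bidirectional=True)

# Constructed packets: (source, source port, destination, destination port).
PACKETS = {
    "browser_request": ("192.168.0.7", 1050, "203.0.113.10", 80),
    "server_reply": ("203.0.113.10", 80, "192.168.0.7", 1050),
    "inbound_to_local_www": ("203.0.113.10", 40000, "192.168.0.7", 80),
}

def verdicts(rule):
    """Return which of the sample packets the rule matches."""
    return {name: matches(rule, *pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for label, rule in (("posted", POSTED), ("browsing", BROWSING)):
        print(label, verdicts(rule))
```

The posted rule matches only traffic to a web server running on 192.168.0.7, while the swapped variant matches the browser's request and its reply but not inbound connections to local port 80.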