Re: [CentOS] IPTables help

2008-05-25 Thread Fajar Priyanto
On Saturday 24 May 2008 21:55:57 Robert Spangler wrote: First of all, thank you Robert for pointing out some points. For the sake of discussion, may I say something too? Since you believe that he wants a very strict firewall why are you setting the default policy's to ACCEPT? Security 101, strict

RE: [CentOS] IPTables help

2008-05-24 Thread Joseph L. Casale
iptables will process rules until a match. If the match is -j ACCEPT/REJECT/DROP, it will end processing there. If it's -j another_chain, it will jump to the other chain. If it matches a rule in the other chain with -j ACCEPT/REJECT/DROP, it will stop processing there. Otherwise, if no rules in

Re: [CentOS] IPTables help

2008-05-24 Thread Fajar Priyanto
On Saturday 24 May 2008 10:25:41 Robert Spangler wrote: On Friday 23 May 2008 21:31, Fajar Priyanto wrote: Actually I have written a small tutorial on iptables, but I haven't translated it into English. I'll let you know when it's done. Hopefully it will be useful for others. Please have

Re: [CentOS] IPTables help

2008-05-24 Thread Ned Slider
Fajar Priyanto wrote: On Saturday 24 May 2008 10:25:41 Robert Spangler wrote: On Friday 23 May 2008 21:31, Fajar Priyanto wrote: Actually I have written a small tutorial on iptables, but I haven't translated it into English. I'll let you know when it's done. Hopefully it will be useful for

Re: [CentOS] IPTables help

2008-05-24 Thread Fajar Priyanto
On Saturday 24 May 2008 15:57:51 Ned Slider wrote: There is already an iptables tutorial on the Wiki: http://wiki.centos.org/HowTos/Network/IPTables Rather than reinventing the wheel, perhaps you would like to take a look at that and consider contributing and/or helping to improve it if you

Re: [CentOS] IPTables help

2008-05-24 Thread Filipe Brandenburger
On Sat, May 24, 2008 at 2:49 AM, Joseph L. Casale [EMAIL PROTECTED] wrote: Appreciate the help, but I think I am still unsure of that last point. If the default policy for INPUT is DROP, and a rule allowing traffic is not matched, once it gets to the end it performs the default policy action

Re: [CentOS] IPTables help

2008-05-24 Thread Robert Spangler
On Friday 23 May 2008 11:03, Fajar Priyanto wrote: On Thursday 22 May 2008 22:30:29 Joseph L. Casale wrote: I have a dual homed server in an install for someone who is very cost sensitive. This server originally is being setup as an Asterisk server, but now the simplest thing for me to

Re: [CentOS] IPTables help

2008-05-23 Thread Fajar Priyanto
On Thursday 22 May 2008 22:30:29 Joseph L. Casale wrote: I have a dual homed server in an install for someone who is very cost sensitive. This server originally is being setup as an Asterisk server, but now the simplest thing for me to do is also set it up to provide internet access for the

RE: [CentOS] IPTables help

2008-05-23 Thread Joseph L. Casale
Fajar, I really appreciate all the detailed help here! I have some questions. Hi JLC, There are 2 ways to implement a firewall: negative list and positive list. Looks like you want a very strict one that is positive list. Assuming eth0 is WAN, and eth1 is LAN (assuming 192.168.0.0/24)(please mind

Re: [CentOS] IPTables help

2008-05-23 Thread Filipe Brandenburger
On Fri, May 23, 2008 at 12:25 PM, Joseph L. Casale [EMAIL PROTECTED] wrote: In terms of Cisco ACL's, how does iptables work, does it simply continue processing until it sees something explicitly denying if the default policy is ACCEPT, versus DROP, will it continue processing until it sees

Re: [CentOS] IPTables help

2008-05-23 Thread Fajar Priyanto
On Friday 23 May 2008 23:25:36 Joseph L. Casale wrote: Assuming eth0 is WAN, and eth1 is LAN (assuming 192.168.0.0/24)(please mind the word wrap): #Clear all rules and policies first: iptables -P INPUT ACCEPT iptables -P OUTPUT ACCEPT iptables -P FORWARD ACCEPT iptables -F iptables -t nat

Re: [CentOS] IPTables help

2008-05-23 Thread Robert Spangler
On Friday 23 May 2008 21:31, Fajar Priyanto wrote: Actually I have written a small tutorial on iptables, but I haven't translated it into English. I'll let you know when it's done. Hopefully it will be useful for others. Please have someone, or for that matter a few people, who have a good

[CentOS] IPTables help

2008-05-22 Thread Joseph L. Casale
I have a dual homed server in an install for someone who is very cost sensitive. This server originally is being setup as an Asterisk server, but now the simplest thing for me to do is also set it up to provide internet access for the small shop as well. So it will have one external, WAN

Re: [CentOS] IPTables help

2008-05-22 Thread Akemi Yagi
On Thu, May 22, 2008 at 8:30 AM, Joseph L. Casale [EMAIL PROTECTED] wrote: I have limited experience with iptables and would love some guidelines. Any pointers would be greatly appreciated! This CentOS wiki may help: http://wiki.centos.org/HowTos/Network/IPTables Akemi

RE: [CentOS] IPTables help

2008-05-22 Thread Joseph L. Casale
This CentOS wiki may help: http://wiki.centos.org/HowTos/Network/IPTables Akemi Akemi, That was helpful (I should have checked the wiki:). After reading that and the RH related links, I think I have what I need but I am unclear about one aspect. What is the correlation between filtering LAN