On Sat, May 25, 2002 at 07:58:42PM +0100, Adam D. Barratt wrote:
Nick Drage wrote, Saturday, May 25, 2002 7:57 PM
On Sat, May 25, 2002 at 05:29:13PM +0100, Scott Waye wrote:
This is my first post to this group so please bear with me. I have
installed a 2.4.18 kernel with the latest
On Mon, May 27, 2002 at 05:13:06PM -0500, Robin Cook wrote:
Joe Patterson wrote:
What is the command to add an ip alias to an interface without creating
a subinterface?
ip address add $IPADDR dev $DEVICE
Thanks. That command is from iproute2 package correct?
This doesn't come with my
On Tue, May 28, 2002 at 12:43:04AM -0700, Stewart Thompson wrote:
I'm on a local machine with interface eth0 down. I manually enter the
iptables policy DROP for all three normal chains, and then start up
interface eth0 with 'ifup eth0' (eth0 is configured with dhcp and
ONBOOT=n).
In this
On Tue, May 28, 2002 at 04:50:05PM -0400, Ramin Alidousti wrote:
On Tue, May 28, 2002 at 01:17:32PM -0700, Stewart Thompson wrote:
Thanks for the excellent description Evan.
Yes. Truly, a very good explanation.
Seconded.
But I have one question:
You say, the default policy DROP
On Tue, May 28, 2002 at 09:00:33PM +0200, Axel Christiansen wrote:
hi,
cause you drop packets. nmap interprets this as filtered. the usual behavior
would be icmp port unreachable which causes nmap to show these ports
as closed.
The usual behaviour would be for a tcp RST to be sent back,
On Tue, May 28, 2002 at 03:10:12PM -0400, Ramin Alidousti wrote:
On Tue, May 28, 2002 at 09:00:33PM +0200, Axel Christiansen wrote:
snip
But, you're right. The decision between DROP and REJECT is a very
tough one. Some two or three weeks ago we were pleading for DROP
for some valid reasons
On Thu, May 30, 2002 at 08:55:17PM +0100, Antony Stone wrote:
On Thursday 30 May 2002 3:13 pm, [EMAIL PROTECTED] wrote:
This type of ICMP message will be RELATED to an existing TCP
connection, therefore it will be allowed through the firewall by the
sort of ruleset Claudio was using -
On Sun, Jun 02, 2002 at 05:00:44PM +0200, Patrick Schaaf wrote:
So - as a general rule, what does one do? What do people block and what
do they accept??
General rule: block everything, log the blocking, stare at the logs while
doing what needs to be done, and then accept what is
On Mon, Jun 03, 2002 at 12:55:26AM -0400, Ramin Alidousti wrote:
On Mon, Jun 03, 2002 at 09:47:07AM +0500, Alexey Talikov wrote:
See log
I understand your reasoning. But he seems to be aware of the hub/switch
situation and he claims that he has a hub between the two interfaces and
On Sun, Jun 02, 2002 at 11:25:31PM -0400, Shazad Malik wrote:
I have seen other explanations such as increasing your tcp max number as
your physical mem. increase. Check your /proc/net/ip_conntrack file for the
current connections. But none of these factors have anything to do with
this
On Mon, Jun 03, 2002 at 06:36:12AM -0700, Art Reisman wrote:
Yes I know this is not quite on topic, but I'm getting there, before I can
use iptables the way I wanted, this was sort of background work.
Fair enough :)
Here is my topology
T1-GatewayHub---Wireless-PC1
On Mon, Jun 03, 2002 at 11:34:32PM +0200, Rasmus Bøg Hansen wrote:
On Mon, 3 Jun 2002, Shazad Malik wrote:
Jun 3 08:03:28 new kernel: ip_conntrack: table full, dropping packet.
Seriously, I'm going berserk now! I just have two machines sitting behind
my test box and just one user (that's
On Tue, Jun 04, 2002 at 10:41:58AM -0700, Brian Ugie wrote:
Below is the hosts portion of nsswitch.conf. The actual hosts file is
below that. I have also included the simple config that I am using for
iptables. I have seen the -n option but it is not relevant for appending,
inserting or
On Wed, Jun 05, 2002 at 01:27:41PM +, Francisco Alfonso Martinez Lopez wrote:
Hi everybody, how can I deny smurf attacks on my host? It's a single
connection to the Internet; any possibility of denying a smurf attack on the
firewall? (my host executes dual boot: suse linuxwindows)
A Smurf attack
On Wed, Jun 05, 2002 at 04:04:06PM +0200, Maciej Soltysiak wrote:
A Smurf attack is effective just by the sheer weight of traffic sent to
you, rather than because of any weakness in your host, so unfortunately
there is nothing you can do on your host to harden it against this type
of
On Wed, Jun 05, 2002 at 01:55:49AM +0200, Christian Hubinger wrote:
I would be very thankful if anyone could show me a diagram (or where to
find one) of the netfilter architecture with all its tables and chains and
of course the order in which the packets are passing the chains/tables.
On Thu, May 30, 2002 at 09:01:32PM -0400, Joe Patterson wrote:
kind of the same way that a system determines what an ICMP message relates
to. For example, the format of an ICMP unreachable message, which includes
such messages as the fragmentation needed and all the network/host/port
On Wed, Jun 05, 2002 at 03:07:20PM -0700, Nathan Cassano wrote:
Hi NetFilter Gurus,
I have heard that ip_conntrack will allow ICMP packets pass that
are related to an existing connection. My question is what specific
related ICMP packets does conntrack allow for a given connection?
On Sat, Jun 15, 2002 at 11:33:23PM +0100, Antony Stone wrote:
On Saturday 15 June 2002 11:14 pm, Brian Capouch wrote:
I wonder if the sages on this list might share advice as to whether or
not it might be practical to maintain a working ISP where ALL client
machines use private IP
On Fri, Jun 21, 2002 at 01:20:16PM -0400, Ramin Alidousti wrote:
What rules do you have ?
How would I know what kind of rules I have?
You could, eg, cat your firewall script, ie, if you knew
where it was.
Run iptables -L -n and, as long as it isn't too long, send the results to
On Fri, Jun 21, 2002 at 12:33:15PM -0500, Krish Ahya wrote:
Hi all,
I was just wondering, is Netfilter as good as Cisco's PIX and Checkpoint's
Firewall-1, if not better?
Depends what you mean by good, which is a little too general to rate
something as complex as a firewall. In relation to
21 matches