J.A. Magallon wrote:
|>I guess it depends upon what you're doing. In my case, the default
|>settings blocked traffic to my gateway, both in and out, and effectively
|>shut down the network.
|>
|
| I really find more useful a combination of a 5 line iptables
| script to do plain forwarding and portsentry. I do not know why portsentry
| was killed from the distro.
|
| So you could separate 'security' from 'internet sharing'.

This has nothing to do with internet sharing; this problem happened to me too - shorewall also disables *outgoing* connections from your machine by default. Blocking all incoming things is OK, but outgoing? That's a bit of an overkill.
In a standard msec level, it should just block incoming connections, maybe with the exception of the ssh port, and allow all outgoing ones, so that you could get a decent configuration out of the box. On higher levels, let's lock down everything; the admin should know what to do to enable it again and a clueless idiot will not put up an unprotected server.
Regards,
Jan
--
Jan Ciger
VRlab EPFL Switzerland
GPG public key: http://www.keyserver.net/
