On Fri, Feb 08, 2002 at 07:51:43PM +0100, martin f krafft wrote: > also sprach Gareth Bowker <[EMAIL PROTECTED]> [2002.02.07.1017 +0100]: > > If you're worried about missing stuff out, you could start with a firewall > > that defaults everything to DROP and go from there... > > good point. any-any-any-DROP is what i call the base firewall. there > is *no* argument for a firewall that's based on anything but this > essential rule. there *should* also be a rule any-any-any-LOG right > before.
Hopefully with a limit option.
--
Florian Friesdorf <[EMAIL PROTECTED]>
OpenPGP key available on public key servers
------> Save the future of Open Source <------
-> Online-Petition against Software Patents <-
------> http://petition.eurolinux.org <-------
pgpxLLJRDepIa.pgp
Description: PGP signature
