On Wed, Sep 17, 2003 at 11:13:48AM -0700, Brad Davidson wrote:
> #everything else is logged and then dropped
> iptables -A sort -j LOG --log-level info
> iptables -A sort -j DROP

This has a similar problem as Bob's original script. Logging without limits.

> #jump to the sorting rule from input and forward.
> #output isn't really worth worrying about IMHO - the
> #unwanted hosts don't get in, so why would there
> #be anything going back to them
> iptables -A INPUT -j sort
> iptables -A FORWARD -j sort

I used to think so. Then our network got a worm from an infected laptop and the worm scanned for hosts outside of our network.

There are also users to think about. Really my users don't need any more internet access than tcp port 80, and tcp/ftp for a few. Why give them any more unless they ask? Better than having a worm spread or someone cracking from my network.

Cory

-- 
Cory Petkovsek                  Adapting Information
Adaptable IT Consulting         Technology to your
(541) 914-8417                  business
[EMAIL PROTECTED]               www.AdaptableIT.com
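
Added example, not part of the original message or of either poster's script: the two points raised in this reply (logging with a rate limit, and an outbound allow-list for LAN clients) written as iptables rules. The chain names `logdrop` and `egress`, the subnet, the host addresses and the limit values are assumptions, and clients are assumed to resolve DNS through an internal resolver or proxy.

```shell
#!/bin/sh
# Added example: prints iptables commands for review; it does not change the firewall.
# Chain names "logdrop" and "egress" and all addresses are constructed placeholders.

LAN_NET="192.168.1.0/24"                 # assumed internal subnet
FTP_HOSTS="192.168.1.10 192.168.1.11"    # assumed hosts that asked for FTP
LOG_RATE="5/min"                         # average number of log lines allowed
LOG_BURST="10"                           # initial burst before the rate applies

emit_rules() {
    echo "iptables -N logdrop"
    echo "iptables -N egress"

    # Log at most LOG_RATE packets, then drop every packet regardless,
    # so a scan or a worm cannot flood the logs.
    echo "iptables -A logdrop -m limit --limit $LOG_RATE --limit-burst $LOG_BURST -j LOG --log-level info --log-prefix \"fw-drop: \""
    echo "iptables -A logdrop -j DROP"

    # Outbound allow-list for LAN clients: replies, web for all, FTP per host.
    echo "iptables -A egress -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A egress -p tcp --dport 80 -j ACCEPT"
    for host in $FTP_HOSTS; do
        # FTP data channels match RELATED only when the FTP conntrack helper is in use.
        echo "iptables -A egress -s $host -p tcp --dport 21 -j ACCEPT"
    done
    echo "iptables -A egress -j logdrop"

    # Inserted first in FORWARD so LAN-sourced traffic hits the allow-list
    # before any later catch-all jump.
    echo "iptables -I FORWARD 1 -s $LAN_NET -j egress"
}

emit_rules
```

Review the printed commands, then run them as root; the same `logdrop` chain can serve as the final target of an existing chain in place of an unlimited LOG followed by DROP.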
