On Mon, 20 May 2002, Brian wrote:

> I generally create a 'sanity' chain on my input ruleset that gets run
> first. It would look something like this:
>
> A few notes on how you might elaborate on this: fix the 224 netmask, add
> some limits to prevent ping/syn/whatever floods (do something like
> 'iptables -p icmp -m limit -j ACCEPT;iptables -p icmp -j DROP').
This is an excellent idea! I love it. I wish I had thought of it! If you
have the ability (and it's not private information), would you be willing
to share that chain's rules?

Ben

--
To be wronged is nothing unless you continue to remember it. ~ Confucius
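The thread never reproduces Brian's actual chain, so the script below is an added example of the pattern he describes, not his rules or anyone's production ruleset: a separate 'sanity' chain that INPUT jumps to first, dropping packets with impossible source addresses and rate-limiting ICMP and TCP SYNs with the limit match (ACCEPT under the limit, then DROP) before the normal rules run. The interface name eth0, the specific rate and burst values, and the list of source ranges are my assumptions; 224.0.0.0/4 is the whole multicast range (netmask 240.0.0.0, which is the usual mistake behind a "224 netmask" that is off). Setting IPT=echo prints the rules instead of applying them, so the chain can be reviewed without root.

```shell
#!/bin/sh
# Added example of an iptables "sanity" chain (not the chain from the thread).
# Usage:  sh sanity.sh apply        # install the rules (needs root)
#         IPT=echo sh sanity.sh apply   # print the rules instead of applying
set -eu

IPT="${IPT:-iptables}"   # set IPT=echo for a dry run
WAN="${WAN:-eth0}"       # assumed external interface name

sanity_rules() {
    # Create the chain, or flush it if it already exists.
    $IPT -N sanity 2>/dev/null || $IPT -F sanity

    # Source addresses that should never arrive on the external interface:
    # loopback, "this network", the multicast block (224.0.0.0/4, i.e. netmask
    # 240.0.0.0) and the RFC 1918 private ranges (assumed not routed to us).
    for net in 127.0.0.0/8 0.0.0.0/8 224.0.0.0/4 \
               10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        $IPT -A sanity -i "$WAN" -s "$net" -j DROP
    done

    # ICMP: accept a bounded rate, then drop the excess. Order matters; the
    # limited ACCEPT must come before the unconditional DROP. Values assumed.
    $IPT -A sanity -p icmp -m limit --limit 10/second --limit-burst 20 -j ACCEPT
    $IPT -A sanity -p icmp -j DROP

    # New TCP connections (SYN only): same pattern to blunt a SYN flood.
    $IPT -A sanity -p tcp --syn -m limit --limit 25/second --limit-burst 50 -j ACCEPT
    $IPT -A sanity -p tcp --syn -j DROP

    # Everything else falls off the end of the chain and returns to INPUT,
    # which then continues with its normal rules. Install the jump first.
    $IPT -I INPUT 1 -j sanity
}

if [ "${1:-}" = "apply" ]; then
    sanity_rules
fi
```

One caveat on the limit match: it counts packets globally for the rule, not per source, so a single host exceeding the ICMP rate throttles ping for everyone; that is acceptable for a sanity chain whose job is to keep floods from reaching the rest of the ruleset, but per-source throttling needs a different match (hashlimit) and is not what the quoted note proposes.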