[EMAIL PROTECTED] wrote:
> In following rules, as my Isp assigns me dynamic IP adresses, by what can
> I replace "<Dynamic IP_assigned to you by _your_ISP> "?? ..by a command
> such as "ISP_IP" ?? Thanks to clarify that ..
>
>
> # Set up firewall to allow my local network to access the Internet:
>
> ipfwadm -O -a accept -P tcp -S <Dynamic IP_assigned to you by _your_ISP> -D
>0.0.0.0/0 smtp pop-3 telnet www ftp
Do you really need to restrict outbound packets? The above will
prevent you from connecting to HTTP servers which aren't running on
port 80, and will prevent you from using passive-mode FTP.
> ipfwadm -I -a accept -P tcp -k -S 0.0.0.0/0 smtp pop-3 telnet www ftp -D <Dynamic
>IP_assigned to you by _your_ISP>
There doesn't seem to be much point restricting the destination IP
address if you're on a dial-up link, as every packet which you receive
will have that destination IP address.
It seems to me that the concepts behind your firewall policy are
fundamentally flawed.
--
Glynn Clements <[EMAIL PROTECTED]>
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
