Daniel Zeaiter wrote:

> I wrote in on this subject a few days ago, and I got very many helpful
> suggestions. Thank you to those people. However I think RTFM has paid
> off. I think I've found a way to only let internal network hosts
> (192.168.1.0/24) access my FTP server. I just need someone to tell me
> if this is totally secure.
> 
> Bear in mind, I've had friends testing it, and none of them can get in,
> whereas all the internal hosts can.
> 
> ipchains -A input -s ! 192.168.1.0/24 --destination-port 21 -p tcp -j DENY
> 
> Any suggestions\improvements would be welcome!

The obvious improvement is to DENY (or REJECT) everything by default,
and to have ACCEPT rules for packets which you explicitly wish to
allow.

-- 
Glynn Clements <[EMAIL PROTECTED]>
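
The difference between the single DENY rule in the question and the default-deny layout suggested in the reply, as an added example that is not part of the original messages. It is a small Python model of first-match rule evaluation; the ACCEPT chain policy for the original rule, the default-deny commands in the comments, and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    src: str       # network the packet source is compared against
    negate: bool   # True models ipchains' "-s ! <net>"
    dport: int     # TCP destination port
    target: str    # "ACCEPT" or "DENY"

def verdict(rules, policy, src_ip, dport):
    """First matching rule wins; the chain policy decides unmatched packets."""
    for r in rules:
        in_net = ipaddress.ip_address(src_ip) in ipaddress.ip_network(r.src)
        if (in_net != r.negate) and r.dport == dport:
            return r.target
    return policy

LAN = "192.168.1.0/24"

# Rule from the question, chain policy assumed to be left at ACCEPT:
#   ipchains -A input -s ! 192.168.1.0/24 --destination-port 21 -p tcp -j DENY
BLOCK_ONE = ([Rule(LAN, True, 21, "DENY")], "ACCEPT")

# Default-deny layout from the reply (commands are an assumed rendering):
#   ipchains -P input DENY
#   ipchains -A input -s 192.168.1.0/24 --destination-port 21 -p tcp -j ACCEPT
DEFAULT_DENY = ([Rule(LAN, False, 21, "ACCEPT")], "DENY")

# Constructed sample packets: (source address, TCP destination port)
PACKETS = [
    ("192.168.1.10", 21),  # internal host, FTP control
    ("203.0.113.5", 21),   # external host, FTP control
    ("203.0.113.5", 23),   # external host, a service no rule mentions
    ("192.168.1.10", 23),  # internal host, a service no rule mentions
]

def compare():
    """Map each packet to (verdict under BLOCK_ONE, verdict under DEFAULT_DENY)."""
    return {p: (verdict(*BLOCK_ONE, *p), verdict(*DEFAULT_DENY, *p)) for p in PACKETS}

if __name__ == "__main__":
    for pkt, (old, new) in compare().items():
        print(f"{pkt[0]:>14} -> port {pkt[1]:<3} block-one={old:<6} default-deny={new}")
```

The model covers only TCP source and destination port on the input chain. Because ipchains does not track connection state, a real default-deny input chain also needs explicit ACCEPT rules for every other kind of traffic the host should receive, such as loopback, FTP data connections and replies to its own outbound connections.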
