/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! */
As an early setup I did the "no-brains" 2-line ipchains configuration
setting a deny-all default policy and allow all outgoing for masqueraded
forwarding.
In my configuration the masquerading/firewalling is done on the same
Linux server that handles all my internal functionality, as well as
external DNS, http, ftp, etc. I expected that with the above policies
all internet-originated traffic would be blocked, but found that I can
still use telnet, DNS, etc from the internet.
Is this an indication that the ipchains policies only apply to traffic
between the inside and outside network and not to the firewall machine
itself? Or is it just that I have to delve deep into all the ipchains
options and put in better and more specific policies?
If ipchains does not protect the firewall machine, can you recommend a
way to accomplish that?
Thanks,
bruno
[demime 0.91c removed an attachment of type text/x-vcard which had a name of bruno.vcf]
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/
or email to [EMAIL PROTECTED]
PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.
