> On Wed, 2006-07-19 at 23:08 -0700, The Nice Spider wrote: >> let's me tell you in these steps (sorry for my bad >> english): >> 1. I have 2 NIC: 1 internal and 1 external. the >> external is using public IP. >> 2. on yast, i check masquerading >> 3. external and internal allowed service ONLY listed: >> http >> 4. but my clients can access any outside POP/SMTP >> server (including yahoo >> using Ypops in their local PC), and maybe many others >> services. >> > > If you want to control _outbound_ access look into using squid, that is > what it was designed for. The firewall is designed mainly for _inbound_ > access control. > > KS > oops! i see sf2 also open unpriviledges ports! i suggest to block all icoming ports by default otherwise open only priviledges ports! using squid is not the solution, because iptables can handle this simple thing.
bug in sf2 documentation: - section 11. default value is no BUT my clients can access port >6000 for IRC! __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
