On Wed, Feb 02, 2011 at 12:18:05PM -0800, Daniel M. Head wrote:
> I tried to send this yesterday, but was having some issues with
> the wireless network.

Someday, I need to do better tests of my own iptables setup. Thinking about Dan's problem, I stumbled across this:

http://ozlabs.org/~jk/projects/nfsim/howto/

I don't know whether it is actually useful, but it appears to be a way to test the iptables rules offline. After the rules are tested and installed, I would use something like nessus to see if they are keeping the bad guys out.

I've been thinking about how secure my own firewall is. I looked at the stats for my firewall machine last night. In the last 70 days, I saw a total of ~40GB of movement on eth0, the WAN port, and only ~20GB of movement on eth2, the internal LAN port. Since I do nightly dirvish backups on all machines, including the firewall, I would expect slightly more internal than external traffic. This makes me wonder if the firewall is 0wned and being used to spew spam, or whether it is merely fending off a lot of attacks. I will turn on more logging and observation.

Keith

--
Keith Lofstrom [email protected] Voice (503)-520-1993
KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon"
Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
_______________________________________________
PLUG mailing list
[email protected]
http://lists.pdxlinux.org/mailman/listinfo/plug
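
Added example, not part of the message above: the per-interface totals it quotes lump receive and transmit together, so this sketch splits the `/proc/net/dev` counters by direction to tell traffic the firewall absorbed from traffic the firewall itself sent out. It assumes eth0 and eth2 are the only forwarding interfaces; the function names, the 25% threshold and the sample counters are constructed for illustration.

```python
# Constructed sample in /proc/net/dev layout; the byte counts are invented
# for illustration and are not the poster's real counters.
SAMPLE = """\
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo: 1000 10 0 0 0 0 0 0 1000 10 0 0 0 0 0 0
  eth0: 32000000000 30000000 0 0 0 0 0 0 8000000000 9000000 0 0 0 0 0 0
  eth2: 7000000000 8000000 0 0 0 0 0 0 13000000000 12000000 0 0 0 0 0 0
"""


def parse_proc_net_dev(text):
    """Return {iface: (rx_bytes, tx_bytes)} from /proc/net/dev text."""
    counters = {}
    for line in text.splitlines():
        if ":" not in line:
            continue  # the two header lines carry no "iface:" prefix
        name, fields = line.split(":", 1)
        cols = fields.split()
        if len(cols) < 16:
            continue  # truncated or malformed row
        counters[name.strip()] = (int(cols[0]), int(cols[8]))
    return counters


def split_traffic(counters, wan="eth0", lan="eth2", alert_ratio=0.25):
    """Compare WAN and LAN counters by direction (hypothetical helper)."""
    wan_rx, wan_tx = counters[wan]
    lan_rx, lan_tx = counters[lan]
    # Arrived from the Internet but never sent on to the LAN: dropped by
    # the rules, or addressed to the firewall itself.
    inbound_not_forwarded = wan_rx - lan_tx
    # Sent to the Internet without having come in from the LAN: generated
    # on the firewall. Negative means LAN traffic ended at the firewall
    # (for example backup or admin sessions).
    outbound_local = wan_tx - lan_rx
    return {
        "inbound_not_forwarded": inbound_not_forwarded,
        "outbound_local": outbound_local,
        "investigate": wan_tx > 0 and outbound_local / wan_tx > alert_ratio,
    }


if __name__ == "__main__":
    print(split_traffic(parse_proc_net_dev(SAMPLE)))
```

A large `inbound_not_forwarded` with a small `outbound_local` points to the firewall absorbing unsolicited traffic; a large `outbound_local` means the firewall host itself is the sender and its processes and logs are the next place to look.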
