Thank you all for your suggestions. I will use them.

--- "Rodolfo J. Paiz" <[EMAIL PROTECTED]> wrote:
> At 5/15/2002 10:05 AM +1000, you wrote:
>
> >You're doing this backwards. What you want is:
> >
> >   /sbin/ipchains -P input REJECT
> >   /sbin/ipchains -P output REJECT
> >   /sbin/ipchains -P forward DENY
> >
> >and then a bunch of rules to ACCEPT _only_ what you expect.
> >Much much safer.
>
> Good advice. Better still is to use:
>
>    /sbin/ipchains -P input DENY
>    /sbin/ipchains -P output DENY
>    /sbin/ipchains -P forward REJECT
>
> People trying to get into your box will get their packets silently dropped
> and receive a timeout, while you, trying to get out, will receive an
> immediate error if you've misconfigured something. This is less unpleasant
> than waiting minutes for your own firewall to time you out.
>
> Note that you should explicitly REJECT connections to port 113 from the
> outside in order to avoid timeouts due to IDENT requests. For example, when
> you try to send mail, some servers will send back an IDENT request on
> 113/tcp. If you DENY that, you'll sit there waiting for a minute while the
> request times out; if you REJECT it, you'll get much quicker results.
>
> Finally, running your script *once*, making sure your firewall is
> configured how you want it, then issuing the "service ipchains save"
> command, will make your configuration permanent. You do not need to rerun
> the script every time from rc.local. Then, if you want to make changes, you
> change your script, rerun your script, and again issue "service ipchains
> save" to save your changes.
>
>
> --
> Rodolfo J. Paiz
> [EMAIL PROTECTED]
=====
+----------------------------------------------------------+
|This message is from Serban Giuroiu, also known online    |
|as The Gyzmo.                                             |
|EMAIL: g y z m o b r o @ y a h o o . com                  |
|AIM Screen Name: gyzmobro                                 |
+----------------------------------------------------------+
"Code Smarter, Not Harder" - off the Desaware t-shirt I have
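The procedure from the quoted message, put together as one script (an added example, not part of the thread). The output policy is REJECT here so that local programs get the immediate error the message describes; that choice, the interface name `eth0` and the set of allowed traffic are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Dry run by default: prints each command.
# Set APPLY=1 as root on an ipchains (2.2 kernel) host to execute them.
IPCHAINS=/sbin/ipchains
EXT_IF=${EXT_IF:-eth0}   # assumption: name of the external interface

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

firewall_rules() {
    # Default policies first, so nothing is open while rules are rebuilt.
    run $IPCHAINS -P input DENY      # outsiders: silent drop, they time out
    run $IPCHAINS -P output REJECT   # local mistakes: immediate error (assumption)
    run $IPCHAINS -P forward REJECT
    run $IPCHAINS -F                 # flush old rules; policies are kept

    # Loopback traffic is always allowed.
    run $IPCHAINS -A input  -i lo -j ACCEPT
    run $IPCHAINS -A output -i lo -j ACCEPT

    # IDENT (113/tcp) from outside: REJECT, so remote mail servers get an
    # immediate refusal instead of waiting for a timeout.
    run $IPCHAINS -A input -i "$EXT_IF" -p tcp -d 0/0 113 -j REJECT

    # Replies to connections this host opened (TCP without SYN) and DNS
    # answers. ipchains is stateless, so the DNS rule matches on source port only.
    run $IPCHAINS -A input -i "$EXT_IF" -p tcp ! -y -j ACCEPT
    run $IPCHAINS -A input -i "$EXT_IF" -p udp -s 0/0 53 -j ACCEPT

    # Outbound: TCP connections and DNS queries only.
    run $IPCHAINS -A output -i "$EXT_IF" -p tcp -j ACCEPT
    run $IPCHAINS -A output -i "$EXT_IF" -p udp -d 0/0 53 -j ACCEPT
}

firewall_rules
# Once the rules behave as intended, persist them as the message describes.
run service ipchains save
```

Review the printed commands first, then rerun with `APPLY=1` from a console session rather than a remote login, since the DENY input policy takes effect before any ACCEPT rule is added.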