Nahual Guerrero <[EMAIL PROTECTED]> writes on
Wed, 02 Apr 2003 22:55:55 +0200 (METDST):
>>>
my $iptfh = 'iptables -F';
my $iptin = 'iptables -A INPUT -j DROP -p tcp -s ! 127.0.0.0/255.255.255.0 --destination-port';
my $iptil = 'iptables -A INPUT -j LOG -p tcp -s ! 127.0.0.0/255.255.255.0 --destination-port';
my $iptol = 'iptables -A OUTPUT -j LOG';
my $iptfl = 'iptables -A FORWARD -j LOG';
system ("clear");
print "Tirando de la Cadena....\n";
>>>
Hm... well first off, it's always better to change the default
rule of the table to REJECT and only after that allow the ports you actually use. I
know... it's a lot of work, but far more secure, and
you learn an awful lot (like not to forget to allow nameserver connects ;-), or if
you're doing it remotely, how to charm a malevolent sysadmin into resetting those darn
rulesets *g*)
Second... -j LOG on everything must produce incredibly large logfiles!?
And thirdly, what does "Tirando de la Cadena" mean? :-)
c
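
Added example, not part of the original message or of the quoted script: a shell function that prints a default-deny ruleset (allow only the listed ports, keep nameserver lookups working, rate-limit the LOG rule) so it can be reviewed before loading. The port list, rate limit and log prefix are constructed values; because iptables policies accept only built-in targets, the chains get a DROP policy and the REJECT is a final INPUT rule.

```shell
#!/bin/sh
# Added example: prints a default-deny iptables ruleset for review instead of
# applying it. Port list, rate limit and log prefix are constructed values.

build_ruleset() {
    ports="$1"   # space-separated inbound TCP ports to allow (assumption)

    # Validate everything first so a bad entry never yields a partial ruleset.
    for port in $ports; do
        case "$port" in
            ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
    done

    echo "iptables -F"
    # Loopback and replies to traffic that is already allowed.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    for chain in INPUT OUTPUT; do
        echo "iptables -A $chain -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    done
    # Outbound nameserver lookups, the rule that is easy to forget.
    for proto in udp tcp; do
        echo "iptables -A OUTPUT -p $proto --dport 53 -j ACCEPT"
    done
    # Only the services actually offered.
    for port in $ports; do
        echo "iptables -A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Log what is about to be refused, rate-limited to keep the logfile bounded.
    echo "iptables -A INPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix 'INPUT-DENY: '"
    echo "iptables -A INPUT -j REJECT"
    # Policies take only built-in targets (ACCEPT or DROP), so REJECT is the rule
    # above; they are set last so the ACCEPT rules exist before DROP takes effect.
    for chain in INPUT FORWARD OUTPUT; do
        echo "iptables -P $chain DROP"
    done
}

# Constructed sample: SSH, HTTP and HTTPS.
build_ruleset "22 80 443"
```

The output can be saved to a file, read through, and only then run as root.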