mess-mate wrote:
> Tom Eastep <[EMAIL PROTECTED]> wrote:
> | mess-mate wrote:
> | > Tom Eastep <[EMAIL PROTECTED]> wrote:
> | > | mess-mate wrote:
> | > | > Is there a way to set up the rules for closing all not used ports
> | > | > explicitly manually?
> | > | > As for example in the policy at the end:
> | > | > # THE FOLLOWING POLICY MUST BE LAST
> | > | > all all
> | > |
> | > | That's exactly what that policy is intended to do.
> | > |
> | > Ok, so if I set it to:
> | > all all DROP
> | > DROP=ignore isn't, why are these ports responded as 'closed'?
> | >
> | > If I set for example in the rules:
> | > DROP net fw tcp 0:60
> | > all these ports do not respond, here the 'ignore' works.
> |
> | What is your entire policy file?
> |
> loc net ACCEPT
> loc dmz ACCEPT
> loc $FW ACCEPT
> loc rtr ACCEPT
> loc all DROP info
> $FW net ACCEPT
> $FW dmz ACCEPT
> $FW loc ACCEPT
> $FW all DROP info
> dmz net ACCEPT
> dmz $FW ACCEPT
> dmz loc DROP info
> dmz all DROP info
> net dmz ACCEPT
> net $FW ACCEPT

The above two policies are a security disaster. They make your firewall
and your DMZ wide open to attack from the net.

-Tom
-- 
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ [EMAIL PROTECTED]
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
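
The check Tom's reply implies, as an added example that is not part of the original thread or of Shorewall: a small auditor that flags default-ACCEPT policies from the Internet-facing zone and a missing, permissive or misplaced `all all` catch-all. It assumes `net` is the untrusted zone; `QUOTED` is a subset of the entries quoted above plus one constructed final line, and `HARDENED` is a constructed correction.

```python
UNTRUSTED = {"net"}        # assumption: "net" is the Internet-facing zone
DENY = {"DROP", "REJECT"}

def parse_policy(text):
    """Yield (lineno, source, dest, policy) for each non-comment entry."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 3:
            # Drop any ":suffix" attached to the POLICY column.
            yield lineno, fields[0], fields[1], fields[2].split(":")[0].upper()

def audit(text, untrusted=UNTRUSTED):
    """Return a list of findings; an empty list means nothing was flagged."""
    entries = list(parse_policy(text))
    findings = []
    for lineno, src, dst, pol in entries:
        if src in untrusted and pol == "ACCEPT":
            findings.append(f"line {lineno}: {src} -> {dst} defaults to ACCEPT")
    catch_all = [i for i, e in enumerate(entries) if e[1:3] == ("all", "all")]
    if not catch_all:
        findings.append("no 'all all' catch-all policy")
    else:
        i = catch_all[0]
        lineno, _, _, pol = entries[i]
        if pol not in DENY:
            findings.append(f"line {lineno}: catch-all policy is {pol}")
        if i != len(entries) - 1:
            findings.append(f"line {lineno}: 'all all' is not the last policy")
    return findings

# Subset of the policy entries quoted in the thread.
QUOTED = """\
loc   net   ACCEPT
dmz   loc   DROP    info
net   dmz   ACCEPT
net   $FW   ACCEPT
all   all   DROP    # constructed: the quoted file stops before this line
"""

# Constructed correction: nothing from the net is accepted by default;
# services that must be reachable get explicit ACCEPT entries in the rules file.
HARDENED = """\
loc   net   ACCEPT
dmz   loc   DROP    info
net   all   DROP    info
all   all   REJECT  info
"""

if __name__ == "__main__":
    for name, text in (("quoted", QUOTED), ("hardened", HARDENED)):
        print(name, audit(text) or "no findings")
```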
