Vidar Tyldum Hansen wrote:
>> if you're not going to filter output, why define rules that jump to
>> empty tables?
> Old reminiscent that might come in handy :)
> They should have no impact, remember things work until I type too fast.

figured it was something like that, really..

>> similarly, you only filter packages from the internet on input..
>> I would prefer filtering everything in/out on every interface, and only
>> allow the traffic you want in..
>> (see http://www.ranum.com/security/computer_security/editorials/dumb/)
>
> No traffic may pass without going through a FORWARD rule. Default policy
> there is drop.
> Only traffic to/from the router itself is not passed through FORWARD.

which was my point.. what if the router itself becomes compromised? it'll
be totally free to send whatever, wherever..

>> http://84.234.141.4/fw - this is my setup..
> Connection refused. At least you are secure ;)

that's quite bizarre...

>> if no, I would suggest making a new setup, without all the extra
>> chains.. you know, just to test :)
> You are funny.

well, I do try to spread a little happiness :)

> I'll start by adding some more LOG-rules to see if I can pinpoint
> something. That won't disrupt the network more than 1-2 lost packets.
> Fooling around with the general setup will be the nighttime activity the
> next few days if that doesn't reveal anything.

well, yes, that goes without saying.. messing with vital components is
reserved for the times when all the users are busy having a life :)

> But I still fail to see why iptables should do something to my packets
> just by pressing and holding a random key in an ssh session. Seems like
> a stack problem to me.

To be honest, I don't understand what could cause the issue.. what kind of
box is the router, anyways?

> Thanks anyways for reading through the files and responding.

it's not like I've got anything else of importance to do.. :)

-- 
Morten
:wq

_______________________________________________
tsl-discuss mailing list
[email protected]
http://lists.trustix.org/mailman/listinfo/tsl-discuss
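Morten's point above is that a ruleset which filters only FORWARD leaves the router's own OUTPUT unfiltered, so a compromised router can send anything anywhere. The following is an added example, not a file from this thread or from Vidar's setup: a small iptables-restore ruleset with default DROP on INPUT, OUTPUT and FORWARD, the router's own outbound traffic restricted to a named resolver, and a LOG-then-DROP chain of the kind Vidar mentions for pinpointing lost packets. Interface names, the LAN prefix and the resolver address are assumed placeholders.

```shell
#!/bin/sh
# Added example: generate an iptables-restore ruleset that filters all
# three built-in chains (not only FORWARD) with default DROP.
WAN=eth0                 # assumed: internet-facing interface
LAN=eth1                 # assumed: internal interface
LAN_NET=192.168.1.0/24   # assumed: internal prefix
DNS=192.0.2.53           # assumed: upstream resolver (documentation range)

# Print the ruleset; on the router it would be fed to "iptables-restore".
gen_ruleset() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:LOGDROP - [0:0]
# log (rate-limited), then drop: one place to look when packets vanish
-A LOGDROP -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "
-A LOGDROP -j DROP
# loopback and flows that were already accepted
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# the router itself: ssh only from the LAN
-A INPUT -i $LAN -s $LAN_NET -p tcp --dport 22 -m state --state NEW -j ACCEPT
# the router itself: the only new connection it may originate is DNS
-A OUTPUT -o $WAN -d $DNS -p udp --dport 53 -m state --state NEW -j ACCEPT
# clients behind the router: web and DNS out, nothing new in
-A FORWARD -i $LAN -o $WAN -s $LAN_NET -p tcp -m multiport --dports 80,443 -m state --state NEW -j ACCEPT
-A FORWARD -i $LAN -o $WAN -s $LAN_NET -d $DNS -p udp --dport 53 -m state --state NEW -j ACCEPT
# everything else, in every direction, is logged and dropped
-A INPUT -j LOGDROP
-A OUTPUT -j LOGDROP
-A FORWARD -j LOGDROP
COMMIT
EOF
}

# Sanity check before loading: all three built-in chains must default to
# DROP. Returns 0 when that holds, non-zero otherwise.
check_default_drop() {
  gen_ruleset | grep -cE '^:(INPUT|OUTPUT|FORWARD) DROP' | grep -qx 3
}
```

Reading the "fw-drop:" prefix in the kernel log shows which chain and interface dropped a packet, which is the cheap first step before touching the ruleset itself.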
