Vidar Tyldum Hansen wrote:
>>if you're not going to filter output, why define rules that jump to 
>>empty tables?
> Old reminiscent that might come in handy :)
> They should have no impact, remember things work until I type too fast.

figured it was something like that, really..

>>similarly, you only filter packages from the internet on input..
>>I would prefer filtering everything in/out on every interface, and only 
>>allow the traffic you want in..
>>(see http://www.ranum.com/security/computer_security/editorials/dumb/)
> 
> No traffic may pass without going through a FORWARD rule. Default policy
> there is drop.
> Only traffic to/from the router itself is not passed through FORWARD.

which was my point.. what if the router itself becomes compromised? 
it'll be totally free to send whatever, wherever..

> 
>>http://84.234.141.4/fw - this is my setup..
> Connection refused. At least you are secure ;)

that's quite bizarre...

>>if no, I would suggest making a new setup, without all the extra 
>>chains.. you know, just to test :)
> You are funny.

well, I do try to spread a little happiness :)

> I'll start by adding some more LOG-rules to see if I can pinpoint
> something. That won't disrupt the network more than 1-2 lost packets.
> Fooling around with the general setup will be the nighttime activity the
> next few days if that doesn't reveal anything.

well, yes, that goes without saying.. messing with vital components is 
reserved for the times when all the users are busy having a life :)

> But I still fail to see why iptables should do something to my packets
> just by pressing and holding a random key in an ssh session. Seems like
> a stack problem to me.

To be honest, I don't understand what could cause the issue.. what kind 
of box is the router, anyways?

> Thanks anyways for reading through the files and responding.

it's not like I've got anything else of importance to do.. :)

-- 
Morten
:wq
_______________________________________________
tsl-discuss mailing list
[email protected]
http://lists.trustix.org/mailman/listinfo/tsl-discuss
