Morten Nilsen, 23.11.2005 13:43:
> Vidar Tyldum Hansen wrote:
>> Only traffic to/from the router itself is not passed through FORWARD.
>
> which was my point.. what if the router itself becomes compromised?
> it'll be totally free to send whatever, wherever..

That has been taken into consideration, however I decided that if there is a remote bug in the kernel the intruder has root anyways. When it comes to sshd I'll take my chances as opposed to managing the hellhole of three rulesets instead of one. There are more firewalls around here too, it's not all down to one box so threat is ~0. But this is irrelevant to the topic at hand (testing happens without anything other than a switch in between).

>> But I still fail to see why iptables should do something to my packets
>> just by pressing and holding a random key in an ssh session. Seems like
>> a stack problem to me.
>
> To be honest, I don't understand what could cause the issue.. what kind
> of box is the router, anyways?

Frankenstein. There could of course be hardware issues, haven't thought of that. Testing will commence after the dawn of day.
