Jim Angstadt said:
> --- Nino Brown <[EMAIL PROTECTED]> wrote:
>> On Mon, 10 Mar 2003, Jim Angstadt wrote:
> My 3 boxes are behind a Netgear FR314 router which has
> a firewall. I have no idea just how good that
> firewall is.

Having extra rules does offer more security as you have two filters in place instead of one. However, extra complexity is also created, and problems can arise as a result. I prefer the control that Linux iptables/ipchains offers, and would include them as well, just as you have.

>> I'm not sure if 8.0's firewall runs ipchains or
>> iptables. You can check
>> by typing "lsmod | grep ipchains". If you see a
>> line there, then you can
>> disable the firewall by typing "ipchains -F". If it
>> is running iptables,
>> typing "ipchains -F" should disable it. Let us know
>> what happens.
> <snip>
>
> Here are 3 lines from lsmod output:
>
> ipt_REJECT 3736 6 (autoclean)
> iptable_filter 2412 1 (autoclean)
> ip_tables 14936 2 [ipt_REJECT iptable_filter]

What was being proposed, with the "-F", was to flush all of the firewall rules from the box. If this is the intent, since you are running iptables, you can "get there" with:

    # iptables -F

Since your default rules for FORWARD, INPUT and OUTPUT are "ACCEPT", this would likely permit other boxes to ssh to this box. However, this is also not a permanent fix, but can be useful for testing to verify that the problem you face is a filtering one.

I would only try this step if the prior step of inserting the rule should fail.

Also, if you are going to go this far to "zap" all of your firewall rules permanently, then we can cover not starting the firewall rules at boot time.

(Going to class, be back in 3 hours.)

-ME

--
Campus IT(/OS Security): Operating Systems Support Specialist Assistant
_______________________________________________
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech
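
Added example, not part of the original thread: a shell sketch of the two checks discussed above (which packet filter the loaded modules indicate, and what a flush leaves behind given each chain's default policy), plus a flush-for-testing helper that restores the rules afterwards. The function names and sample strings are constructed for illustration; `temporary_flush` assumes root and that `iptables-save` and `iptables-restore` are installed.

```shell
#!/bin/sh
# Constructed sample: the three lsmod lines quoted in the thread.
SAMPLE_LSMOD='ipt_REJECT 3736 6 (autoclean)
iptable_filter 2412 1 (autoclean)
ip_tables 14936 2 [ipt_REJECT iptable_filter]'

# Constructed sample: chain headers in the format printed by "iptables -L -n".
SAMPLE_CHAINS='Chain INPUT (policy ACCEPT)
Chain FORWARD (policy ACCEPT)
Chain OUTPUT (policy ACCEPT)'

# detect_fw: read lsmod output on stdin; print iptables, ipchains or none.
detect_fw() {
    awk '$1 == "ip_tables" { f = "iptables" }
         $1 == "ipchains" && f == "" { f = "ipchains" }
         END { if (f == "") f = "none"; print f }'
}

# flush_effect: read "iptables -L -n" output on stdin. After a flush only the
# default policy applies, so ACCEPT leaves a chain open and anything else
# (DROP) leaves it closed, which would also cut off a remote ssh session.
flush_effect() {
    awk '$1 == "Chain" && $3 == "(policy" {
             pol = $4; sub(/\)$/, "", pol)
             state = "closed"; if (pol == "ACCEPT") state = "open"
             print $2, state
         }'
}

# temporary_flush (hypothetical helper, needs root): flush for one test only,
# then put the saved rules back so the box is not left unfiltered.
temporary_flush() {
    if iptables -L -n | flush_effect | grep -q closed; then
        echo "a default policy is not ACCEPT; flushing would block traffic" >&2
        return 1
    fi
    backup=$(mktemp) || return 1
    iptables-save > "$backup" || return 1
    iptables -F
    printf 'Rules flushed; retry the ssh connection, then press Enter: '
    read -r _
    iptables-restore < "$backup" && rm -f "$backup"
}
```

On a live box the checks are run as `lsmod | detect_fw` and `iptables -L -n | flush_effect`.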
