On Sun, Dec 23, 2001 at 03:19:50PM +0100, Michael Zimmermann wrote:
Greetings to all,
could you please help me with some pointers - I'm a relatively fresh user of firewall2 and perhaps I'm getting some basic things wrong.

[snip]

But now (I think) the service is accessible to everyone, the whole internet became the DMZ, and specifying the FW_TRUSTED_NETS is not needed at all - or am I wrong?

Yes, I think you're correct, you are making the port accessible to everyone. The following works OK on my machine:

    FW_TRUSTED_NETS="a.b.c.0/24,udp,123"

This restricts access to the NTP port to only machines which come within the IP range used by my ISP's main servers - if someone has cracked them, there are more important things to worry about than my machines... :-)

Stupid question - you are restarting the firewall scripts after making the change to the config file, aren't you?

HTH...