Mailinglist Archive: opensuse-security (199 mails)
Re: [suse-security] SuSE 6.2 / Error in firewall-script?
- From: Mark Ruth <Mark.Ruth@xxxxxxx>
- Date: Thu, 6 Jan 2000 14:42:12 +0000
- Message-id: <00010615062602.00820@Pentagon>
On Sun, 02 Jan 2000, you wrote:
> Hi,
>
> after the chain "user_fw" is set up within the script
> /sbin/init.d/firewall there is one line I can't understand:
>
> $IPCHAINS -A user_fw -s 0/0 -d 0/0 $ACC_FLAG -j ACCEPT
>
> Doesn't this line mean I accept everything from any source and forward
> it to any destination?
Greetings,
You accept from every source to every destination. The total traffic is
accepted.
Except the forward chain is declared like this:
$IPCHAINS -A forward -s 0/0 -d 0/0 -j user_fw
then it is allowed to forward all traffic.
> Does this rule make sense? Why should I accept everything after just
> having granted access to only some special hosts/ports?
No, it is only a script that doesn't allow you to do anything you want.
>
> Is there a security hole?
no
>
> Thanks for your help
>
> Fabian
--
Mark Ruth
Unix Systems Administrator
New York, NY, USA
Mark.Ruth@xxxxxxx
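
An added example, not part of the original mail or of SuSE's firewall script: a shell helper that classifies the rule from the question once $ACC_FLAG has been expanded. The thread does not show how the script sets ACC_FLAG, so the three values tried here are constructed, and classify_rule and check_user_fw_rule are hypothetical names.

```shell
#!/bin/sh
# Added example (not from the SuSE script): classify one ipchains rule after
# its shell variables have been expanded.
# Prints: catch-all | qualified | not-accept
classify_rule() {
    target=""
    narrowed=no
    while [ $# -gt 0 ]; do
        case "$1" in
            -A|-I)                      # chain name follows; not a match condition
                [ $# -gt 1 ] && shift ;;
            -j)                         # rule target (ACCEPT, DENY, or a user chain)
                target="${2:-}"
                [ $# -gt 1 ] && shift ;;
            -s|-d)                      # 0/0 matches every address
                case "${2:-}" in
                    0/0|0.0.0.0/0) ;;
                    *) narrowed=yes ;;
                esac
                [ $# -gt 1 ] && shift ;;
            -l|--log) ;;                # logging only; does not narrow the match
            *)  narrowed=yes ;;         # -p, -i, -y, "!", ports, ... narrow it
        esac
        shift
    done
    if [ "$target" != "ACCEPT" ]; then
        echo not-accept                 # verdict is decided elsewhere
    elif [ "$narrowed" = yes ]; then
        echo qualified
    else
        echo catch-all
    fi
}

# The rule from the question, with a constructed value for ACC_FLAG.
# $ACC_FLAG is left unquoted on purpose so it word-splits as it does in the script.
check_user_fw_rule() {
    ACC_FLAG="$1"
    classify_rule -A user_fw -s 0/0 -d 0/0 $ACC_FLAG -j ACCEPT
}

for flag in "" "-l" "-p tcp ! -y"; do
    printf 'ACC_FLAG=%-14s -> %s\n' "\"$flag\"" "$(check_user_fw_rule "$flag")"
done
```

A catch-all result only describes the rule itself; rules appended to user_fw before it are still evaluated first.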