Mailinglist Archive: opensuse-security (195 mails)
| < Previous | Next > |
Re: [suse-security] *WANTED: ipchains guru*
- From: Steffen Dettmer <steffen@xxxxxxx>
- Date: Wed, 15 Mar 2000 20:08:40 +0100
- Message-id: <20000315200840.A1959@xxxxxxxxx>
* KULISHdotCOM wrote on Tue, Mar 14, 2000 at 20:11 -0600:
> Guess I should have made that a little clearer ;).
Guess you're right ;)
Well, I'm not an ipchains guru or so, but I'll try to answer
anyway...
> I am wanting to figure this out from scratch.
Yepp, that's not a bad way...
> I recommend [...] MS Proxy depending upon the situation.
BTW: Have you ever seen such a situation ?? :) SCNR.
> Being able to configure ipchains from scratch
> would be a great solution for clients on a limited budget.
Well, so just do it :)
ipchains should come with a man page describing the syntax you
have to use.
You want to reject/deny everything not exlicitly allowed, so you
would set up your default policy as reject/deny (ipchains -P).
If you start with flushed chains (ipchains -F), you need to
append your rules only (ipchains -A .... -j ACCEPT). Finally you
want to log all rejected packet. So you append a log rule at last
(i.e. ipchains -A -l -j REJECT). If you have problems that are
more specific, or some error messages or so, you would get more
informations here I think ;)
I don't know anything about the SuSE Scripts (once upon a time I
took a look and could understand it just in time - so it was not
my choice for security).
oki,
Steffen
--
Dieses Schreiben wurde maschinell erstellt,
es trägt daher weder Unterschrift noch Siegel.
> Guess I should have made that a little clearer ;).
Guess you're right ;)
Well, I'm not an ipchains guru or so, but I'll try to answer
anyway...
> I am wanting to figure this out from scratch.
Yepp, that's not a bad way...
> I recommend [...] MS Proxy depending upon the situation.
BTW: Have you ever seen such a situation ?? :) SCNR.
> Being able to configure ipchains from scratch
> would be a great solution for clients on a limited budget.
Well, so just do it :)
ipchains should come with a man page describing the syntax you
have to use.
You want to reject/deny everything not exlicitly allowed, so you
would set up your default policy as reject/deny (ipchains -P).
If you start with flushed chains (ipchains -F), you need to
append your rules only (ipchains -A .... -j ACCEPT). Finally you
want to log all rejected packet. So you append a log rule at last
(i.e. ipchains -A -l -j REJECT). If you have problems that are
more specific, or some error messages or so, you would get more
informations here I think ;)
I don't know anything about the SuSE Scripts (once upon a time I
took a look and could understand it just in time - so it was not
my choice for security).
oki,
Steffen
--
Dieses Schreiben wurde maschinell erstellt,
es trägt daher weder Unterschrift noch Siegel.
| < Previous | Next > |