On Sun, 02 Jan 2000, you wrote:
Hi,
after the chain "user_fw" is set up within the script /sbin/init.d/firewall there is one line I can't understand:
$IPCHAINS -A user_fw -s 0/0 -d 0/0 $ACC_FLAG -j ACCEPT
Doesn't this line mean I accept everything from any source and forward it to any destination?
Greetings,
You accept from every source to every destination. The total traffic is accepted. Except the forward chain is declared like this:
$IPCHAINS -A forward -s 0/0 -d 0/0 -j user_fw
then it is allowed to forward all traffic.
Does this rule make sense? Why should I accept everything after just having granted access to only some special hosts/ports?
no, it is only a script that doesn't allow you to do anything you want.
Is there a security hole?
no
Thanks for your help
Fabian
--
Mark Ruth
Unix Systems Administrator
New York, NY, USA
Mark.Ruth@gmx.net