Mailinglist Archive: opensuse-security (195 mails)

< Previous Next >
Re: [suse-security] *WANTED: ipchains guru*
  • From: "Francisco M. Marzoa Alonso" <fmmarzoa@xxxxxxxxxxx>
  • Date: Thu, 16 Mar 2000 09:08:46 +0100
  • Message-id: <38D0968E.87A32413@xxxxxxxxxxx>
fmmarzoa@vivaldi:~ > rpm -ql ipchains | grep ps
/usr/doc/packages/ipchains/ipchains-quickref.ps
fmmarzoa@vivaldi:~ >

Try that document too, it was *a lot* of useful for me (I didn't need
more information).

Steffen Dettmer wrote:
>
> * KULISHdotCOM wrote on Tue, Mar 14, 2000 at 20:11 -0600:
> > Guess I should have made that a little clearer ;).
>
> Guess you're right ;)
> Well, I'm not an ipchains guru or so, but I'll try to answer
> anyway...
>
> > I am wanting to figure this out from scratch.
>
> Yepp, that's not a bad way...
>
> > I recommend [...] MS Proxy depending upon the situation.
>
> BTW: Have you ever seen such a situation ?? :) SCNR.
>
> > Being able to configure ipchains from scratch
> > would be a great solution for clients on a limited budget.
>
> Well, so just do it :)
> ipchains should come with a man page describing the syntax you
> have to use.
> You want to reject/deny everything not exlicitly allowed, so you
> would set up your default policy as reject/deny (ipchains -P).
> If you start with flushed chains (ipchains -F), you need to
> append your rules only (ipchains -A .... -j ACCEPT). Finally you
> want to log all rejected packet. So you append a log rule at last
> (i.e. ipchains -A -l -j REJECT). If you have problems that are
> more specific, or some error messages or so, you would get more
> informations here I think ;)
>
> I don't know anything about the SuSE Scripts (once upon a time I
> took a look and could understand it just in time - so it was not
> my choice for security).
>
> oki,
>
> Steffen
>
> --
> Dieses Schreiben wurde maschinell erstellt,
> es trägt daher weder Unterschrift noch Siegel.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> For additional commands, e-mail: suse-security-help@xxxxxxxx

--
Francisco M. Marzoa Alonso
Nuevo Mundo - Dpto. Informático ICQ#: 62850923
Henri Dunant, 19 - 28036 Madrid tfno: +34 91 343 18 40 ext. 207
España / Spain fax: +34 91 350 28 45

< Previous Next >