Mailinglist Archive: opensuse-security (195 mails)

< Previous Next >
Re: [suse-security] *WANTED: ipchains guru*
  • From: Steffen Dettmer <steffen@xxxxxxx>
  • Date: Wed, 15 Mar 2000 20:08:40 +0100
  • Message-id: <20000315200840.A1959@xxxxxxxxx>
* KULISHdotCOM wrote on Tue, Mar 14, 2000 at 20:11 -0600:
> Guess I should have made that a little clearer ;).

Guess you're right ;)
Well, I'm not an ipchains guru or so, but I'll try to answer
anyway...

> I am wanting to figure this out from scratch.

Yepp, that's not a bad way...

> I recommend [...] MS Proxy depending upon the situation.

BTW: Have you ever seen such a situation ?? :) SCNR.

> Being able to configure ipchains from scratch
> would be a great solution for clients on a limited budget.

Well, so just do it :)
ipchains should come with a man page describing the syntax you
have to use.
You want to reject/deny everything not exlicitly allowed, so you
would set up your default policy as reject/deny (ipchains -P).
If you start with flushed chains (ipchains -F), you need to
append your rules only (ipchains -A .... -j ACCEPT). Finally you
want to log all rejected packet. So you append a log rule at last
(i.e. ipchains -A -l -j REJECT). If you have problems that are
more specific, or some error messages or so, you would get more
informations here I think ;)

I don't know anything about the SuSE Scripts (once upon a time I
took a look and could understand it just in time - so it was not
my choice for security).

oki,

Steffen

--
Dieses Schreiben wurde maschinell erstellt,
es trägt daher weder Unterschrift noch Siegel.

< Previous Next >
References