[ale] Bob Toxen's iptables rules help needed
Dow Hurst
Dow.Hurst at mindspring.com
Sun Jun 19 16:50:30 EDT 2005
Once I got the updated ruleset, my config worked well. Bob's treatment
is pretty clear and gives examples of how to add a rule for an external
service you need to allow. I felt comfortable with using that style of
chains. There is no point for most configurations to have lots of
chains as debugging or just understanding the ruleset can be such a
bear. I also like the way he makes sure the rules block the path before
allowing traffic as the interfaces come up. I've noticed many times
that a ruleset will allow interfaces to come up and be accessible while
the rules are being configured. It is only after the rules are
completely functional that the interfaces are really protected. That
style of rules leaves you wide open initially for the time from
interfaces coming up to ruleset being configured. What if you had a
problem with a rule and the script dumped out? Then you'd have the
machine possibly wide open and available!
Dow
Jim Seymour wrote:
>On Sun, Jun 19, 2005 at 03:07:57PM -0400, Bob Toxen wrote:
>
>
>>I've not had reports of problems from anyone else.
>>
>>Do check the errata:
>>
>> http://www.realworldlinuxsecurity.com/errata.html
>>
>>as Dow suggested. Also, check elsewhere in the Firewall chapter where
>>I give extensive advice on debugging IP Tables and IP Chains. Do
>>double-check what you have done as well.
>>
>>
>>
>
>Thanks for your reply Bob. I installed and configured the updated
>rc.fwsoho and in addition found I had a misconfigured WinXP box trying
>to access the Internet through it (broadcast). All is well and I can now
>move on with fun stuff :-)
>
>Have a great day all,
>Jim Seymour
>
>
>
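The fail-closed load order Dow describes, as an added example that is not Bob Toxen's rc.fwsoho or any code from the thread: default policies go to DROP before a single ACCEPT rule is added, so a rule that fails part-way through leaves the box closed, not open. It assumes iptables as the tool, eth0 as the external interface and ssh as the one external service to allow; set IPT=echo to print the commands instead of applying them.

```shell
#!/bin/sh
# Added example: fail-closed iptables load order (not the rc.fwsoho script).
# Assumptions: $IPT is the iptables binary, $WAN the external interface,
# and the script runs as root. IPT=echo prints the commands without applying.
IPT="${IPT:-iptables}"
WAN="${WAN:-eth0}"

# Step 1: close every path first. With DROP policies in place, the host is
# protected even while the rest of the rules are still being loaded, and a
# script that aborts on a bad rule leaves it closed rather than wide open.
close_all() {
    "$IPT" -P INPUT DROP &&
    "$IPT" -P FORWARD DROP &&
    "$IPT" -P OUTPUT DROP &&
    "$IPT" -F &&
    "$IPT" -X
}

# One rule per external service on the built-in INPUT chain; no user chains,
# which keeps the ruleset easy to read and debug.
allow_service() {
    proto="$1"; port="$2"
    "$IPT" -A INPUT -i "$WAN" -p "$proto" --dport "$port" \
        -m state --state NEW -j ACCEPT
}

# Step 2: only after close_all succeeds, open the paths we actually want.
# Every rule is checked; the first failure stops the load with DROP still set.
load_rules() {
    close_all || return 1
    "$IPT" -A INPUT -i lo -j ACCEPT || return 1
    "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT || return 1
    "$IPT" -A OUTPUT -j ACCEPT || return 1
    allow_service tcp 22 || return 1
}

# Apply only when explicitly asked, so sourcing the file is side-effect free.
if [ "${APPLY_RULES:-0}" = 1 ]; then
    load_rules || echo "rule load failed; default policies remain DROP" >&2
fi
```

Run as root with APPLY_RULES=1 to load the rules; the comparison with a script that sets its policies last is the window between interface-up and the final rule.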