Re: firewall question
- Subject: Re: firewall question
- From: Ira Abramov <lists-linux-il(at-nospam)ira.scso.com>
- Date: Tue, 11 Sep 2001 11:25:44 +0300 (IDT)
- cc: Linux - IL Mailing List <linux-il(at-nospam)linux.org.il>
- Delivered-To: linux.org.il-linux-il@linux.org.il
- In-Reply-To: <20010911105538.A14805@leeor.math.technion.ac.il>
- Sender: linux-il-bounce(at-nospam)cs.huji.ac.il
On Tue, 11 Sep 2001, Nadav Har'El wrote:
> Actually, in ipchains you usually set up "input" and "output" chains, and
> these protect both the packets coming to or going from the firewall machines,
> and the ones forwarded to other machines. There is typically no reason to
> put any rule on the "forward" chain itself. In such a typical setup, the

well, at least ONE rule will go in the forward chain, and that's
masquerading.

rule of thumb: default policy should be set to block-all and open up
only what you need. if you open up port 80 on the firewall machine, it
does not mean all the network behind it is also open, of course.

--
Idiot Savant
Ira Abramov
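
The setup discussed in this thread, written out as an added example that is not part of the original message: block-all policies on all three chains, port 80 opened on the firewall's own address only, and a single masquerading rule on the forward chain. The interface names, addresses, the `ipc` wrapper and `DRY_RUN` are assumptions made for illustration; 61000:65095 is the default masquerading port range of 2.2 kernels.

```shell
#!/bin/sh
# Added illustration for ipchains (Linux 2.2 kernels). Interface names and
# addresses are assumptions, not values from the thread.
EXT_IF=${EXT_IF:-eth0}              # assumed Internet-facing interface
INT_IF=${INT_IF:-eth1}              # assumed LAN-facing interface
EXT_IP=${EXT_IP:-192.0.2.1}         # assumed firewall address (documentation range)
LAN_NET=${LAN_NET:-192.168.1.0/24}  # assumed internal network

# Hypothetical wrapper: with DRY_RUN=1 each command is printed instead of
# executed, so the ruleset can be reviewed without touching the kernel.
ipc() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "ipchains $*"
    else
        ipchains "$@"
    fi
}

apply_firewall() {
    # Block-all default: anything not accepted below is dropped.
    for chain in input output forward; do
        ipc -F "$chain"
        ipc -P "$chain" DENY
    done

    # Loopback and the trusted LAN side.
    ipc -A input  -i lo -j ACCEPT
    ipc -A output -i lo -j ACCEPT
    ipc -A input  -i "$INT_IF" -s "$LAN_NET" -j ACCEPT
    ipc -A output -i "$INT_IF" -d "$LAN_NET" -j ACCEPT

    # Port 80 is opened on the firewall's own address only.
    ipc -A input -i "$EXT_IF" -p tcp -d "$EXT_IP" 80 -j ACCEPT

    # Replies to masqueraded connections come back on the masquerading
    # port range; new inbound TCP connections (SYN) are not accepted.
    ipc -A input -i "$EXT_IF" -p tcp ! -y -d "$EXT_IP" 61000:65095 -j ACCEPT
    ipc -A input -i "$EXT_IF" -p udp -d "$EXT_IP" 61000:65095 -j ACCEPT

    # Traffic leaving with the firewall's own address (local and masqueraded).
    ipc -A output -i "$EXT_IF" -s "$EXT_IP" -j ACCEPT

    # The single forward-chain rule: masquerade LAN traffic going out.
    ipc -A forward -i "$EXT_IF" -s "$LAN_NET" -j MASQ
}
# Call apply_firewall as root to load the rules; set DRY_RUN=1 to print them.
```

Because the forward policy is DENY and its only rule matches packets sourced from the LAN, accepting port 80 on the input chain exposes nothing behind the firewall.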