
Re: iptables not behaving the way I expected



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Franck Joncourt wrote:
> I do not think the same way you do. If you are not running any servers,
> except ssh

I never said that. I said that ssh is the only port forwarded from the
firewall to the machine. The machine is used internally for various
services (intranet, CVS, DHCP, and a few others).

Hmmmm... does that mean I should really set up two machines, one in a
DMZ for my ssh services, and the other for my internal services?

> ? I control traffic for the OUTPUT chain to prevent some backdoors, if
> there is one, from causing damage to my computer by bypassing normal
> authentication.

I think I see where you're coming from. I should set up my input and
output chains to deny everything by default, and explicitly allow
outgoing connections on whatever services the machine needs or provides.
Is that what you're getting at?

> If you want to read more about iptables:
> 
> http://iptables-tutorial.frozentux.net/iptables-tutorial.html

Thanks for the tip.

- --
Jim Hyslop
Dreampossible: Better software. Simply.     http://www.dreampossible.ca
                 Consulting * Mentoring * Training in
    C/C++ * OOD * SW Development & Practices * Version Management
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGLBwyLdDyDwyJw+MRAkplAKCc8YR6fgk/K3/LF4whjZ1ymi/yCwCg65FB
aC2tZE3+WkY67hf0ZkMeymA=
=UHNX
-----END PGP SIGNATURE-----
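The default-deny INPUT and OUTPUT policy discussed in the exchange above, written out as an added example that is not part of the thread or of either poster's configuration. It generates an iptables-restore(8) ruleset for the host Jim describes (ssh forwarded in from the firewall; intranet, CVS and DHCP served to the LAN) rather than applying anything, so it can be reviewed first. The LAN prefix, the intranet port (80), the CVS pserver port (2401) and the outbound DNS allowance are assumptions; the `-m conntrack --ctstate` match is the current form of the older `-m state --state`. The point Franck makes is the OUTPUT side: with the policy at DROP and only ESTABLISHED replies plus a short list of NEW outbound rules accepted, a backdoor on the box has no free path out, and the LOG rules make the attempt visible in the kernel log.

```shell
#!/bin/sh
# Added example (not from the original thread): build a default-deny
# iptables ruleset in iptables-restore format for a host that serves ssh,
# intranet HTTP, CVS pserver and DHCP, and is allowed to open only DNS
# outbound. Nothing is applied; review the output, then load it with
#   iptables-restore < rules.v4

LAN_NET="${LAN_NET:-192.168.1.0/24}"   # assumed internal subnet
SSH_PORT="${SSH_PORT:-22}"             # port the firewall forwards in

gen_rules() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# loopback is unrestricted
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# replies belonging to connections that were already allowed
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# services this host provides (ssh from anywhere via the firewall,
# intranet HTTP and CVS pserver from the LAN only; ports assumed)
-A INPUT -p tcp --dport ${SSH_PORT} -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -s ${LAN_NET} -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -s ${LAN_NET} -p tcp --dport 2401 -m conntrack --ctstate NEW -j ACCEPT
# DHCP: requests arrive as broadcasts, so allow both directions explicitly
-A INPUT -p udp --sport 68 --dport 67 -j ACCEPT
-A OUTPUT -p udp --sport 67 --dport 68 -j ACCEPT
# the only NEW outbound connections the host itself may open (assumed: DNS)
-A OUTPUT -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
# everything else is logged (rate-limited) and then hits the DROP policy;
# an unexpected ipt-out-drop entry is worth investigating
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "ipt-in-drop: "
-A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "ipt-out-drop: "
COMMIT
EOF
}

# Default policy of a chain, read back from the generated ruleset
policy_of() {
  gen_rules | sed -n "s/^:$1 \([A-Z]*\) .*/\1/p"
}

# Number of rules that let a chain open NEW connections; for OUTPUT this
# is the list to keep short, since it is all a backdoor could use
new_rules_in() {
  gen_rules | grep -c -- "-A $1 .*--ctstate NEW"
}

if [ "${1:-}" = "--print" ]; then
  gen_rules
fi
```

Run with `sh firewall.sh --print > rules.v4` and read the file before loading it; `new_rules_in OUTPUT` is the quick audit of how many ways the machine may initiate a connection, and adding a service later means adding a rule there deliberately rather than relying on an ACCEPT policy.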


