[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: OT: /etc/init.d/networking & firewall

[ Bernd Eckenfels writes ]
> On Wed, Aug 09, 2000 at 01:16:43AM +0200, Domenico Andreoli wrote:
> > i minded if any other method a little more upgrade-proof has already been
> > developed. this is again the same flame war of how to save admin's choises from
> > system upgrades. sometimes they came back. :)
> make your own ipfilter script or use fwctl.

Presumably, you mean "ipchains" script, since ipfilter doesnt run on linux,
last I heard.
There certainly isn't a debian package for it.

What I can't understand is:

The "HOWTO" for ipchains gives a lovely example of a startup script.
It checks for the existence of /etc/ipchains.rules, and does things

So why isn't that script part of the debian packaged version of

for the security-concious, I suggest that it come with a default
protective entry, which should be generated by

ipchains -A input -p tcp -i eth0 -y -j DENY
ipchains-save >/etc/ipchains.rules

This blocks all attempts to make a tcp connection TO the box from outside,
on the standard ethernet interface.

Reply to: