[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Ipchains

If you use ip_masq internal network have privite ip address(eg.
192.168.X.X or 10.X.X.X)
In this case machines from internal network canot access directly the
internet.All traffic from internal
network will be masquaraded.

I read your firewall script. 
If you wish to create a good packet fillter you must start width:
deny all all
and insert roules for speciffic hosts or ports. This is a safe way for
creating a firewall script, but is not optimised.

A useful option of ipchains is -i (interface). You can accept any
traffic from internal interface and deny 
any trafic from external interface. This option will be simplify your
firewall script !

Have a nice day !

Jay Kelly wrote:
> Hello Group,
> I have been running ipchains on a Debian Potato for awhile now. Everythin
> g seems to be working great. I do however wonder how secure me firewall
> really is. Being a newbie to linux I have a few questions. I am using
> a proxy and when I tell me clients not to use the proxy they still can.
> Should that be happening? Also I want to use the mod ip_masq_icq,
> ip-masq-ftp etc. Shouldnt I make a rule to DENY all outbound internet
> traffic make the most of the mod's? Bassically I want a firewall that
> not only filters incoming but outgoing. I have attached my firewall
> script. Please look at it and give me your opinion. Any help would
> be great.
> --
> If Windows is the answer, then I want the problems back!
> Powered by Debian GNU/Linux.
> http://www.debian.org
>   ------------------------------------------------------------------------
>    firewallName: firewall
>            Type: Plain Text (text/plain)

Reply to: