Re: Searching for an appropriate iptables script

To: debian-firewall@lists.debian.org
Subject: Re: Searching for an appropriate iptables script
From: martin f krafft <madduck@madduck.net>
Date: Fri, 8 Feb 2002 19:51:43 +0100
Message-id: <[🔎] 20020208185143.GI28205@fishbowl.madduck.net>
Mail-followup-to: debian-firewall@lists.debian.org
In-reply-to: <[🔎] 20020207091713.GA5169@pctgb.dcs.aber.ac.uk>
References: <[🔎] 006a01c1afaf$c67f8cb0$0200a8c0@JEFF> <[🔎] 20020207091713.GA5169@pctgb.dcs.aber.ac.uk>

also sprach Gareth Bowker <tgb96@aber.ac.uk> [2002.02.07.1017 +0100]:
> If you're worried about missing stuff out, you could start with a firewall
> that defaults everything to DROP and go from there...

good point. any-any-any-DROP is what i call the base firewall. there
is *no* argument for a firewall that's based on anything but this
essential rule. there *should* also be a rule any-any-any-LOG right
before.

-- 
martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
  
at the turn of the century in vienna,
the schoenberg food factory stopped making tonic,
and started making cereal instead.
                                                   -- hofstadter's geb

Attachment: pgpOiOpnXJDYk.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: Searching for an appropriate iptables script
  - From: Florian Friesdorf <42ff@gmx.net>

References:
- Searching for an appropriate iptables script
  - From: "Jeff Bonner" <jeff@integralogic.com>
- Re: Searching for an appropriate iptables script
  - From: Gareth Bowker <tgb96@aber.ac.uk>

Prev by Date: Re: Searching for an appropriate iptables script
Next by Date: RE: Searching for an appropriate iptables script
Previous by thread: Re: Searching for an appropriate iptables script
Next by thread: Re: Searching for an appropriate iptables script
Index(es):
- Date
- Thread