Re: DNS-Problem with ADSL-Router

To: debian-firewall@lists.debian.org
Subject: Re: DNS-Problem with ADSL-Router
From: Mickey Mullin <mickey@dreamwolf.us>
Date: Tue, 06 Jan 2004 22:01:30 -0500
Message-id: <[🔎] 3FFB768A.9030802@dreamwolf.us>
In-reply-to: <20040107012925.GA1280@freenet.de>
References: <[🔎] 1073427967.3ffb35ffaf665@www.dreamwolf.us> <20040107012925.GA1280@freenet.de>

Michelle Konzack wrote:

adsl:~ # iptables -L -n -v
Chain INPUT (policy DROP 16605 packets, 1067K bytes)
pkts bytes target prot opt in out sourcedestination

INPUT has a "policy DROP" but no ACCEPT targets, therefore no traffic with a
destination of this box will ever be accepted (which includes every and all
responses to requests originating from the box, like "dig," "apt-get update," etc.).

iptables -P INPUT ACCEPT


??? - The policy must be DROP, because I do not like to have visitors...

But anyway, with this config, all other boxes cann access the Internet.

Yes, and my network is open and all are welcome ;-)

"DROP" policies for both INPUT and FORWARD are best, but you're notgoing to be able to receive any traffic at all that is intended for therouter unless you also have some ACCEPT targets. The kernelconfiguration option that Bjoern mentioned in another email would workwell. It would allow you to only allow packets that are received inresponse to requests generated from the router.


mickey

Reply to:

References:
- Re: DNS-Problem with ADSL-Router
  - From: mickey@dreamwolf.us

Prev by Date: Re: DNS-Problem with ADSL-Router
Next by Date: Re: DNS-Problem with ADSL-Router
Previous by thread: Re: DNS-Problem with ADSL-Router
Next by thread: Re: DNS-Problem with ADSL-Router
Index(es):
- Date
- Thread