Re: Iptables config

To: debian-security@lists.debian.org
Subject: Re: Iptables config
From: "Martin Peikert" <Martin.Peikert@discon.de>
Date: Thu, 18 Apr 2002 09:26:07 +0200
Message-id: <[🔎] 3CBE750F.7070301@discon.de>
References: <[🔎] Pine.OSF.4.21.0204121108010.16570-100000@gram.math.ku.dk> <[🔎] 20020412093709.GD9175@pn66.sdi.poznan.tpnet.pl> <[🔎] 20020417094505.GA3359@erpland> <[🔎] 3CBD57E7.4020204@discon.de> <[🔎] 20020417121549.B4143@yeti.nslug.ns.ca>

Peter Cordes wrote:
> On Wed, Apr 17, 2002 at 01:09:27PM +0200, Martin Peikert wrote:
>>First, you should set your policy to DROP. The way you configured your
>>filter with a policy set to ACCEPT would let all traffic pass through.
>

> No it doesn't; It would block new connections, because it rejectsTCP SYN

> packets.  It doesn't do anything about UDP, though.

True. If I would be able to read I would have noticed that before yougave me that hint ;-)


GTi


--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- Iptables config
  - From: Lars Roland Kristiansen <m00lrk@math.ku.dk>
- Re: Iptables config
  - From: Michal Melewski <mike@pn66.poznan.sdi.tpnet.pl>
- Re: Iptables config
  - From: Jussi Ekholm <ekhowl@goa-head.org>
- Re: Iptables config
  - From: "Martin Peikert" <Martin.Peikert@discon.de>
- Re: Iptables config
  - From: Peter Cordes <peter@llama.nslug.ns.ca>

Prev by Date: Mailman alias
Next by Date: Re: Iptables config
Previous by thread: Re: Iptables config
Next by thread: Re: Iptables config
Index(es):
- Date
- Thread