[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Firewall-troubleshooting

On Sat, Jul 02, 2005 at 04:46:29PM -0400, KC wrote:

> I need help understanding what goes wrong in this script. I cannot ping
> anyone and cannot resolve as well. In fact I believe the only thing I can
> get is an ip address from my isp's dhcp server.

  There's no way I'm going to read through all of that and try to 
 understand it.

  Perhaps you'd be better off starting with a smaller firewall script
 and then adding to it as you need?

  One thing did stand out though, you don't allow outgoing connections
 generally.  These lines:

> iptables --policy OUTPUT DROP
> iptables -t nat --policy OUTPUT DROP
> iptables -t mangle --policy OUTPUT DROP

  They seem to say "no output except that which is explictly allowed".

  For a big network I too would restrict outgoing connections, but for
 a home machine with only trusted hosts?  It's an additional complication
 which doesn't gain you much.

  (Sure if you had a trojan which phoned home, or tried to compromise
 other hosts .. it would help.  But .. in general it less useful than
 it appears).


Reply to: