Re: hardening checkpoints

To: debian-security@lists.debian.org
Subject: Re: hardening checkpoints
From: Bernd Eckenfels <ecki@lina.inka.de>
Date: Sat, 17 Dec 2005 22:44:00 +0100
Message-id: <[🔎] E1EnjqS-0001Si-00@calista.inka.de>
In-reply-to: <[🔎] 20051217041545.GA5401@spybotics.blaafladt.net>

In article <[🔎] 20051217041545.GA5401@spybotics.blaafladt.net> you wrote:
> Actually, iptables -A INPUT will _append_ a rule to your INPUT chain
> (iptables(8)), and this won't help you if your connection is matched by
> an earlier blocking rule. To really make sure that you can reach the
> machine after a failed firewall-reconfiguration, replace -A with -I,
> which makes the rule inserted at the head of the chain, and hence, the
> first rule to be matched.

And dont forget to do  this to the other tables, at least OUTPUT, also.

Gruss
Bernd

Reply to:

References:
- Re: hardening checkpoints
  - From: Andreas Blaafladt <andreas@blaafladt.no>

Prev by Date: Re: hardening checkpoints
Next by Date: Re: closing unwanted ports - and what is 1720/tcp filtered H.323/Q.931
Previous by thread: Re: hardening checkpoints
Next by thread: Re: hardening checkpoints
Index(es):
- Date
- Thread