
Re: Why not have firewall rules by default?



On Wed, Jan 23, 2008 at 09:19:01AM -0600, William Twomey wrote:
> One solution could be to have a folder called /etc/security/iptables 
> that contains files that get passed to iptables at startup (in the same 
> way /etc/rc2.d gets read in numeric order). So you could have files like 
> 22ssh, 23ftp, etc. with iptables rules in each file.

This is IMHO nonsense. Why firewall ports where nothing listens?
This would not give you anything.

> You could also have 
> an 'ENABLED' variable like some files in /etc/default have (so that 
> ports wouldn't be opened by default; the user would have to manually 
> enable them for the port to be opened). 

The better way is just not to start that daemon.

-- 
Elen sila lumenn' omentielvo

Ondrej 'SanTiago' Zajicek (email: santiago@crfreenet.org, jabber: santiago@njs.netlab.cz)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
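The rule-directory scheme quoted above, as an added example that is neither part of this thread nor code written by either participant: a small POSIX shell loader that reads files from a directory (the /etc/security/iptables path from the quote; overridable through RULES_DIR), in lexical order like /etc/rc2.d, honours an ENABLED=yes|no line that defaults to "no", and hands each remaining line to iptables as an argument list. The file syntax, the dry-run default (set APPLY=1 to really apply the rules as root) and the constructed sample directory, including a trailing 99deny file that sets a DROP policy so the per-service ACCEPT files have an effect, are all assumptions of this example, not something the thread specifies.

```shell
#!/bin/sh
# Added example, not from the thread: loader for a directory of numbered
# iptables rule files. Assumed file format: optional "ENABLED=yes|no" line
# (default no), "#" comments, and one iptables argument list per line.

RULES_DIR="${RULES_DIR:-/etc/security/iptables}"   # path taken from the quoted proposal

# rules_enabled FILE: succeed only if the file's last ENABLED= line says yes.
# A freshly dropped-in file therefore opens nothing until the admin enables it.
rules_enabled() {
    flag=$(sed -n 's/^[[:space:]]*ENABLED=//p' "$1" | tail -n 1)
    [ "$flag" = "yes" ]
}

# collect_rules DIR: print the iptables argument lines of every enabled file
# in DIR, one per line, in lexical order (22ssh before 23ftp before 99deny).
collect_rules() {
    dir="$1"
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        rules_enabled "$f" || continue
        grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*ENABLED=' -e '^[[:space:]]*$' "$f"
    done
}

# apply_rules DIR: run "iptables <args>" for each collected line, or only
# echo the commands unless APPLY=1 (default is a dry run, no root needed).
apply_rules() {
    collect_rules "$1" | while IFS= read -r args; do
        if [ "${APPLY:-0}" = "1" ]; then
            # word splitting of $args is intended: each line is an argument list
            iptables $args
        else
            echo "iptables $args"
        fi
    done
}

# make_sample_dir: constructed sample rule files (assumed content) in a temp
# directory so the script can be run without touching the real firewall.
# 22ssh is enabled, 23ftp exists but is disabled, 99deny closes everything else.
make_sample_dir() {
    d=$(mktemp -d)
    cat > "$d/22ssh" <<'EOF'
# allow incoming SSH
ENABLED=yes
-A INPUT -p tcp --dport 22 -j ACCEPT
EOF
    cat > "$d/23ftp" <<'EOF'
ENABLED=no
-A INPUT -p tcp --dport 21 -j ACCEPT
EOF
    cat > "$d/99deny" <<'EOF'
ENABLED=yes
-P INPUT DROP
EOF
    echo "$d"
}

# Stand-alone run: fall back to the constructed sample directory when the
# assumed system directory does not exist.
if [ "$RULES_DIR" = "/etc/security/iptables" ] && [ ! -d "$RULES_DIR" ]; then
    RULES_DIR=$(make_sample_dir)
fi
apply_rules "$RULES_DIR"
```

Run as-is it prints two commands (the SSH accept and the DROP policy) and skips the disabled ftp file; the point of the default-to-disabled check is exactly the "ports wouldn't be opened by default" requirement from the quoted message.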


