
Re: Internet from Windows/NT thru Linux



Hummm, not sure what to say.  Yes, I knew that these were to prevent
spoofing and since I could not find any other place where ipfwadm
commands were issued, the defaults for ipfwadm appeared to be 'deny'
(which of course makes sense).

It further seemed to me that /etc/netbase is the logical location
for the additional rules.

If not, I'd rather like to know why not as well as where they should 
be placed.


On Wed, May 06, 1998 at 12:11:14AM +1000, Hamish Moffatt wrote:
> On Tue, May 05, 1998 at 09:44:56AM -0400, Bill Leach wrote:
> > The file '/etc/init.d/netbase' has the commands for setting up your
> > IP-Masquerading.  The defaults that I have seen are always to deny.
>   ^^^^^^^^^^^^^^^
> 
> No, they don't. There are some firewall setup commands only:
> 
> 	# deny incoming packets pretending to be from 127.0.0.1
>         ipfwadm -I -d deny -o -P all -S 127.0.0.0/8 -W eth0 -D 0/0 2>/dev/null || true
>         ipfwadm -I -d deny -o -P all -S 127.0.0.0/8 -W eth1 -D 0/0 2>/dev/null || true
>         ipfwadm -I -i deny -o -P all -S 127.0.0.0/8 -W eth0 -D 0/0 >/dev/null
>         ipfwadm -I -i deny -o -P all -S 127.0.0.0/8 -W eth1 -D 0/0 >/dev/null
> 
> There are only these commands, and a few others, to prevent IP spoofing.
> This seems to be a common misconception.
> 
> 
> Hamish
> -- 
> Hamish Moffatt, hamish@debian.org, hamish@rising.com.au, hmoffatt@mail.com
> Latest Debian packages at ftp://ftp.rising.com.au/pub/hamish. PGP#EFA6B9D5
> CCs of replies from mailing lists are welcome.   http://hamish.home.ml.org
> 
> 

-- 
best,
-bill
                bleach@BellSouth.net
           b.leach@usa.net  LinuxPC@Hotmail.com
from a 1996 Micro$loth ad campaign:
"The less you know about computers the more you want Micro$oft!"
         See!  They do get some things right!
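
Added example, not part of either message or of the Debian netbase script: one way to check whether an init script actually sets a default policy (ipfwadm's lowercase -p) on the input, output or forward chain, as opposed to only inserting individual rules like the four quoted above. The function names and the embedded sample are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: the four commands quoted in the thread.
sample_netbase() {
cat <<'EOF'
# deny incoming packets pretending to be from 127.0.0.1
ipfwadm -I -d deny -o -P all -S 127.0.0.0/8 -W eth0 -D 0/0 2>/dev/null || true
ipfwadm -I -d deny -o -P all -S 127.0.0.0/8 -W eth1 -D 0/0 2>/dev/null || true
ipfwadm -I -i deny -o -P all -S 127.0.0.0/8 -W eth0 -D 0/0 >/dev/null
ipfwadm -I -i deny -o -P all -S 127.0.0.0/8 -W eth1 -D 0/0 >/dev/null
EOF
}

# audit_ipfwadm (hypothetical helper): read a script on stdin and print, for
# each chain (I=input, O=output, F=forward), the policy the script sets with
# -p ("unset" if it never does) and how many rules it inserts or appends.
audit_ipfwadm() {
  awk '
    /^[ \t]*#/ { next }                       # ignore comment lines
    $1 == "ipfwadm" || $1 ~ /\/ipfwadm$/ {
      chain = ""
      for (i = 2; i <= NF; i++) {
        if ($i == "-I" || $i == "-O" || $i == "-F")
          chain = substr($i, 2)               # chain selector
        else if ($i == "-p" && chain != "")
          policy[chain] = $(i + 1)            # default policy for the chain
        else if (($i == "-i" || $i == "-a") && chain != "")
          rules[chain]++                      # inserted or appended rule
        # -d (delete) lines and uppercase -P (protocol) are not counted
      }
    }
    END {
      n = split("I O F", c, " ")
      for (k = 1; k <= n; k++)
        printf "%s policy=%s rules=%d\n", c[k],
               ((c[k] in policy) ? policy[c[k]] : "unset"), rules[c[k]]
    }'
}

# Stand-alone run over the constructed sample.
sample_netbase | audit_ipfwadm
```

"unset" only means the audited script leaves that chain's policy alone; the policy in effect is then whatever the kernel or another script established.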

