[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Internet from Windows/NT thru Linux

Hummm, not sure what to say.  Yes, I knew that these were to prevent
spoofing and since I could not find any other place where ipfwadm
commands were issued, the defaults for ipfwadm appeared to be 'deny'
(which of course makes sense).

It further seemd to me that /etc/netbase is the logical location
for the additional rules.

If not, I'd rather like to know why not as well as where they should 
be placed.

On Wed, May 06, 1998 at 12:11:14AM +1000, Hamish Moffatt wrote:
> On Tue, May 05, 1998 at 09:44:56AM -0400, Bill Leach wrote:
> > The file '/etc/init.d/netbase' has the commands for setting up you
> > IP-Masquerading.  The defaults that I have seen are always to deny.
>   ^^^^^^^^^^^^^^^
> No, they don't. There are some firewall setup commands only:
> 	# deny incoming packets pretending to be from
>         ipfwadm -I -d deny -o -P all -S -W eth0 -D 0/0 2>/dev/null || true
>         ipfwadm -I -d deny -o -P all -S -W eth1 -D 0/0 2>/dev/null || true
>         ipfwadm -I -i deny -o -P all -S -W eth0 -D 0/0 >/dev/null
>         ipfwadm -I -i deny -o -P all -S -W eth1 -D 0/0 >/dev/null
> There are only these commands, and a few others, to prevent IP spoofing.
> This seems to be a common misconception.
> Hamish
> -- 
> Hamish Moffatt, hamish@debian.org, hamish@rising.com.au, hmoffatt@mail.com
> Latest Debian packages at ftp://ftp.rising.com.au/pub/hamish. PGP#EFA6B9D5
> CCs of replies from mailing lists are welcome.   http://hamish.home.ml.org

           b.leach@usa.net  LinuxPC@Hotmail.com
from a 1996 Micro$loth ad campaign:
"The less you know about computers the more you want Micro$oft!"
         See!  They do get some things right!

To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: