Re: firewall & masquerade script availability - 'potato'
>>>>> "Aaron" == Aaron Brashears <gila@gila.org> writes:
...
Aaron> By default, this package configures the system as a basic
Aaron> forwarding firewall, with IP spoofing and stuffed routing
Aaron> protection. The firewall will allow hosts behind the
Aaron> firewall to get to the Internet, but not allow connections
Aaron> from the Internet to reach the hosts behind the

This is, unfortunately, NOT the case; look at the open bug reports
for ipmasq. Any (almost any) host can connect to your machine.
In one of the bug reports, there is a rules configuration that
sets up a tight firewall. Note also that you have to adapt the
"/etc/ip-down.d/50ipmasq" script to contain

    ipmasq --rules /etc/ipmasq/masq-down

to get back to the default state when the connection is down.

Aaron> firewall. However, ipmasq now features a very flexible
Aaron> framework where you can override any of the predefined
Aaron> rules if you so choose. It also allows you to control if
Aaron> the rules are reinterpreted when pppd brings a link up or
Aaron> down.

Regards
--
R. A. Hogendoorn E-mail: hogend@nlr.nl
Information and Communication Technology Division Tel. +31-527-24-8367
National Aerospace Laboratory, The Netherlands Fax. +31-527-24-8210