
Re: firewall & masquerade script availability - 'potato'



>>>>> "Aaron" == Aaron Brashears <gila@gila.org> writes:
...
    Aaron> By default, this package configures the system as a basic
    Aaron> forwarding firewall, with IP spoofing and stuffed routing
    Aaron> protection. The firewall will allow hosts behind the
    Aaron> firewall to get to the Internet, but not allow connections
    Aaron> from the Internet to reach the hosts behind the

This is, unfortunately, NOT the case; look at the open bug reports
for ipmasq. Any (almost any) host can connect to your machine.
In one of the bug reports, there is a rules configuration that
sets up a tight firewall. Note also that you have to adapt the
"/etc/ip-down.d/50ipmasq" script to contain

  ipmasq --rules /etc/ipmasq/masq-down

to get back to the default state when the connection is down.

    Aaron> firewall. However, ipmasq now features a very flexible
    Aaron> framework where you can override any of the predefined
    Aaron> rules if you so choose. It also allows you to control if
    Aaron> the rules are reinterpreted when pppd brings a link up or
    Aaron> down.

Regards
-- 

R. A. Hogendoorn                                       E-mail: hogend@nlr.nl
Information and Communication Technology Division      Tel. +31-527-24-8367 
National Aerospace Laboratory, The Netherlands         Fax. +31-527-24-8210 


