On Thu, Nov 02, 2000 at 03:39:46PM +0100, Robert Varga wrote:
>
> It probably examines your current ports via something similar to netstat,
> to know what services on what ports are needed and creates a firewall
> script that creates the rules according to actual ip, that is good for
> that state of the system, as it was in upon running the build script. It
> probably knows a couple of protocols which need special handling, eg.
> ftp.

handling ftp means opening up large ranges of ports, same with irc stuff (dcc et al)

> It probably just filters out everything which is not traffic to the
> then-active server processes, and sets up a few anti-spoofing rules.

this would probably break loads of other protocols, than just ftp and irc. by the time you allow for a usable internet connection there are many many ports which users could attach daemons to.

then again maybe it simply disables all internet access except for www, but i wouldn't call that usable.

-- 
Ethan Benson
http://www.alaska.net/~erbenson/