Re: How to tell if a Linux machine is a zombie?
On Wed, Jan 10, 2007 at 08:49:20PM -0800, Paul Johnson wrote:
> Douglas Tutty wrote:
>
> > On Wed, Jan 10, 2007 at 11:23:29AM -0800, Paul Johnson wrote:
> >
> >> I think shorewall assumes that you don't really want to block /all/
> >> outbound traffic and does the right thing, then.
> >
> > Before you assume this, you should check the netfilter docs. If by
> > default I block all outgoing and incomming connections then there's no
> > way to establish an 'existing' connection in the first place. If I
> > allow outgoing http requests then the data is allowed back in without me
> > opening the http port to allow incoming requests. That's the heart of
> > netfilter.
>
> Aah, OK. I must be thinking ipchains or ipfw from back in the day or
> something. Netfilter isn't such a pain by comparison to those two.
As I understand it, that's the big difference between netfilter/iptables
and ipchains. Note that, at least for Sarge, some of the
firewall-building packages use ipchains instead of iptables/netfilter.
They're more difficult to get as tight a controll on packets. Shorewall
lets you control each kind of packet for separate directions. Each of
one's choices in the configuration is really a meta-choice; shorewall
takes care of the nitty-gritty.
Doug.
Reply to: