Re: iptables not behaving the way I expected
-----BEGIN PGP SIGNED MESSAGE-----
Franck Joncourt wrote:
> I do not think the same way you do. If you are not running any servers,
> except ssh
I never said that. I said that ssh is the only port forwarded from the
firewall to the machine. The machine is used internally for various
services (intranet, CVS, DHCP, and a few others).
Hmmmm... does that mean I should really set up two machines, one in a
DMZ for my ssh services, and the other for my internal services?
> ? I control traffic for the OUTPUT chain to prevent some backdoors, if
> there is one, from causing damages to my computer by bypassing normal
I think I see where you're coming from. I should set up my input and
output chains to deny everything by default, and explicitly allow
outgoing connections on whatever services the machine needs or provides.
Is that what you're getting at?
> If you want to read more about iptables :
Thanks for the tip.
Dreampossible: Better software. Simply. http://www.dreampossible.ca
Consulting * Mentoring * Training in
C/C++ * OOD * SW Development & Practices * Version Management
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----