[an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] (none) [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] (none) [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive]
 
[an error occurred while processing this directive] [an error occurred while processing this directive]
Skåne Sjælland Linux User Group - http://www.sslug.dk Home   Subscribe   Mail Archive   Forum   Calendar   Search
MhonArc Date: [Date Prev] [Date Index] [Date Next]   Thread: [Date Prev] [Thread Index] [Date Next]   MhonArc
 

Re: [SIKKERHED] Iptables problem



Hej Donald!

Tusinde tak for dine vise ord, jeg har rettet det som du har beskrevet,
så det ser pænere ud og måske er lidt mere logisk opbygget.

- Rune

----- Original Message ----- 
From: "donald_j_axel" <sslug@sslug>
Newsgroups: sslug.sikkerhed
To: <sslug@sslug>
Sent: Sunday, May 09, 2004 12:57 AM
Subject: Re: [SIKKERHED] Iptables problem


On Thu, 6 May 2004 09:22:16 +0200
"Cow" <sslug@sslug> wrote:

> Selvom det link du gav mig Jeppe, primært er til brugere med freeBSD,
> fik jeg det, efter meget bøvl, til at virke og jeg skal lige love for
> det virker.... kazaa bliver total slået  ned, kanon.
>
> Jeg takker.
>
> Hvis der stadig skulle være nogen der har kommentarer til mit iptables
> script, så vil jeg gerne høre det.

Dit iptables script ser ud til at enable forwarding før du
opsætter filtreringen. Ikke at det gør noget, men på den anden
side koster det ikke noget at vende tingene, så du først enabler
eth2 eller hvad det nu var når du er oppe.

Det ser rimeligt fornuftigt ud.

Men hvorfor laver du ikke en drop-all opsætning og så redder dem, der
skal have lov at gå igennem. Jeg kan ikke lige se, hvorfor brugerne
skal have lov til at bruge port 445 til ca. 1000, hvis de i øvrigt skal
beskyttes mest muligt.

Det er af denne grund man bruger en user-defined chain. Så fanger du
først
alt, hvad der går fx. ind via eth2 og fører det over i en kæde, som
smager
og tester og lader det nødvendigste passere, resten droppes.



Hilsen/Donald

-- 
donald_j_axel snabela get2net.dk -- http://d-axel.dk/



 
Home   Subscribe   Mail Archive   Index   Calendar   Search

 
 
Questions about the web-pages to <www_admin>. Last modified 2005-08-10, 20:47 CEST [an error occurred while processing this directive]
This page is maintained by [an error occurred while processing this directive]MHonArc [an error occurred while processing this directive] # [an error occurred while processing this directive] *