[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] ipchains adding to rc.local
- Subject: Re: [cobalt-security] ipchains adding to rc.local
- From: "R. Hamburg" <cobalt@xxxxxxx>
- Date: Wed, 25 Jul 2001 23:15:30 +0200
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> Hi Robbert,
Hi Nico :)
> > Am I correct doing it this way ?
>
> Technically, yes. I wouldn't advice you on doing that, personally.
>
Ah....
> IMHO, it's better to create a *complete* firewall script as (for instance)
> /etc/rc.d/rc.firewall and call that from rc.local.
> There has been a lot of discussion on ipchains recently, so if you've got
> the time: read up. Check the firewall and ipchains howto's aswell.
I have noticed that there has been a LOT of discussion about this subject.
However sometime I like to dig a little deeper. And as far as I can recal
all discussion the rc.local stuff hasn't brought the way I think about
(....I hope I right about this, could have missed some.....).
They way I read the thing you are mentioning about the firewall script
doesn't really differ from the thing Shimi mentioned earlier, I think.
However I think you are referring to an extra add-on or something ?? Or is
the firewall script within Ipchains ?
I searched over google for some information and found an pretty big HOWTO. I
know perhaps I should, not perhaps, I should!!.
> Any questions: ask. A lot of people on this list seem to have their way
with
> ipchains, so there's lots to learn. You're getting to the good stuff now.
> ;-)
Thanks ! I'm getting more and more interested with security and I'm up to
installing snort, and more of that stuff, as soon as I have RTFM's.
Last question for now. When a user is blocked through Ipchains, and tries to
visit again the server. What happens then ? Is there simply no response ? Or
is the user/visitor prompted with an access denied error ?? Just wondering
about that.....
> Take care... Nico
Thanks for you help !
If needed I will ask some more !
- Robbert