
Re: [cobalt-security] ipchains adding to rc.local



> Hi Robbert,

Hi Nico :)

> > Am I correct doing it this way ?
>
> Technically, yes. I wouldn't advise you on doing that, personally.
>

Ah....

> IMHO, it's better to create a *complete* firewall script as (for instance)
> /etc/rc.d/rc.firewall and call that from rc.local.
> There has been a lot of discussion on ipchains recently, so if you've got
> the time: read up. Check the firewall and ipchains howto's as well.

I have noticed that there has been a LOT of discussion about this subject.
However sometimes I like to dig a little deeper. And as far as I can recall
all discussion the rc.local stuff hasn't brought the way I think about
(....I hope I'm right about this, could have missed some.....).
The way I read the thing you are mentioning about the firewall script
doesn't really differ from the thing Shimi mentioned earlier, I think.
However I think you are referring to an extra add-on or something ?? Or is
the firewall script within Ipchains ?
I searched over google for some information and found a pretty big HOWTO. I
know perhaps I should, not perhaps, I should!!.

> Any questions: ask. A lot of people on this list seem to have their way with
> ipchains, so there's lots to learn. You're getting to the good stuff now.
> ;-)

Thanks ! I'm getting more and more interested with security and I'm up to
installing snort, and more of that stuff, as soon as I have RTFM's.

Last question for now. When a user is blocked through Ipchains, and tries to
visit again the server. What happens then ? Is there simply no response ? Or
is the user/visitor prompted with an access denied error ?? Just wondering
about that.....


> Take care... Nico

Thanks for your help !
If needed I will ask some more !

- Robbert