[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Ipchains and dns
- Subject: Re: [cobalt-security] Ipchains and dns
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Thu, 17 Apr 2003 19:40:12 +0200
- Organization: SOLARSPEED.NET
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Robbert,
> Working now :-)
very good.
> Seems to be the -y switch i had in it.
That makes sense. The "-y" switch does the following according to the ipchains
man pages:
---------------------------------------------------------------------------
Only match TCP packets with the SYN bit set and the ACK and FIN bits
cleared. Such packets are used to request TCP connection initiation; for
example, blocking such packets coming in an interface will prevent incoming
TCP connections, but outgoing TCP connections will be unaffected. This
option is only meaningful when the protocol type is set to TCP. If the
"!" flag precedes the "-y", the sense of the option is inverted.
---------------------------------------------------------------------------
--
With best regards,
Michael Stauber