[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Ipchains and dns

Subject: Re: [cobalt-security] Ipchains and dns
From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
Date: Thu, 17 Apr 2003 19:40:12 +0200
Organization: SOLARSPEED.NET
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hi Robbert,

> Working now :-)

very good. 

> Seems to be the -y switch i had in it. 

That makes sense. The "-y" switch does the following according to the ipchains 
man pages:

---------------------------------------------------------------------------
Only  match  TCP  packets with the SYN bit set and the ACK and FIN bits 
cleared.  Such packets are used to request TCP connection initiation; for 
example, blocking such packets coming in an interface will prevent incoming 
TCP connections, but outgoing TCP connections will be unaffected.  This 
option is  only  meaningful  when the protocol type is set to TCP.  If the 
"!" flag precedes the "-y", the sense of the option is inverted.
---------------------------------------------------------------------------

-- 

With best regards,

Michael Stauber

Follow-Ups:
- Re: [cobalt-security] Ipchains and dns
  - From: Robbert Hamburg \(HaVa Web- & Procesdesign\)
- [cobalt-security] New RAQ 4 updates
  - From: webguroo

References:
- blocking spam (Re: [cobalt-security] VRFY root [rejected])
  - From: E.B. Dreger
- Re: [cobalt-security] Ipchains and dns
  - From: Michael Stauber
- Re: [cobalt-security] Ipchains and dns
  - From: Robbert Hamburg \(HaVa Web- & Procesdesign\)

Prev by Date: Re: [cobalt-security] Ipchains and dns
Next by Date: Re: [cobalt-security] Ipchains and dns - my firewall.
Previous by thread: Re: [cobalt-security] Ipchains and dns
Next by thread: Re: [cobalt-security] Ipchains and dns

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index