Re: [cobalt-security] Ipchains and dns
- Subject: Re: [cobalt-security] Ipchains and dns
- From: "Robbert Hamburg (HaVa Web- & Procesdesign)" <user@xxxxxxx>
- Date: Thu, 17 Apr 2003 20:55:05 +0200
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Btw Michael and the rest of the gurus of course :-),

I saw that you are using relative paths (so to say, prolly bad English but my
Dutch/German is better). I think you know what I mean with relative paths:
the $EXTERNAL net. What is the benefit of that? Am I correct that it is
easier to maintain that way?

Another issue.
I know that it is not good to do some developing from the ssh prompt, but
since I became a father I like to work at home more often.
But I noticed that when I run the firewalling script from the prompt
/sbin/ipchains -F
/sbin/ipchains -X
/sbin/ipchains -P input DENY
/sbin/ipchains -P forward DENY
/sbin/ipchains -P output REJECT
I get immediately disconnected from the server and am not able to log in
again until I call one of the guys in our server center and let them perform
a server reboot. Of course I know why, but is there a way to set the default
policy to deny and then exclude the ports you want to allow? Now I use
# disallow all else
/sbin/ipchains -A input -i eth0 -j DENY -l
but I am not sure if this is tight enough...
Robbert