Re: [Sheflug] Re: Firewall Stuff

[Barrie Bremner <nospam [at] ecosse.net>]

Alex Hudson wrote:
> 
> > Just saying
> >
> >    ipchains -P input DENY or ipchains -P input REJECT
> >
> > will drop everything going into the firewall box.
> 
> . including local LAN traffic ;)

 Hence the "drop everything" :-)

> >
> > That is the policy that is being set - i.e. the firewall falls back on
> > that if you don't have a rule in place to tell it what to do.
> >
> >    ipchains -A input -s 0.0.0.0/0 80 -j ACCEPT
> >
> > tells the firewall box to accept all traffic (TCP and UDP and probably
> > ping traffic too!) coming from anywhere on port 80.
> 
> 'ping' is icmp, not port related.
> 
> Just picking ;)

 Yeah, I've always been a slow figuring ICMP...cheers for pointing that
one out.

Baz.

--
Barrie J. Bremner

TheEnglishman [at] ecosse.net | OpenPGP public key ID: 5164F553
	    http://www.geocities.com/thefatenglishman
	    [Contact information available at website]

   "Linux? Is that some kind of MacOS?"
      -- BT technical support
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word 
 "unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.