
RE: [Sheflug] Security



>===== Original Message From "Sheflug" <sheflug [at] vuw.ac.nz> =====
>>  If you use a separate firewall/router box, IP masquerading (sp?) has
>> modules to automagically deal with the things you've mentioned (Quake,
>> FTP, audio streams, ICQ and a bunch of others) - saves a bit of effort
>> :-)
>>
>
>You still need to unlock the ports on the firewall though don't you? I
>thought that they were just helpers for awkward protocols - the firewall
>chains still apply I think.

 Nope.

 I've only got very basic rules in place right now, using this line to allow 
ip_masq'ing,

 -A forward -s 192.168.0.0/24 -j MASQ

 I've loaded the basic masq modules, I also use portsentry to deny anyone who 
portscans or does anything fun, and that's your lot.

 I'm going to play with my setup more over the coming weeks, but not too much 
to it.

 Baz.

Barrie J. Bremner

Email: TheEnglishman [at] ecosse.net
(PGP key available at my website)

URL: http://www.geocities.com/thefatenglishman

Telephone: UK 01672 811246
Mobile: UK 07968 792975

Quis custodiet ipsos custodes?

---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word 
 "unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.
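
An added example, not part of the original post: a Python check over rules written in the same `-A forward ... -j MASQ` form as the line quoted above, reporting whether each masquerade rule is limited to a private (RFC 1918) source network as that one is. The sample rules, function names and verdict labels are constructed for illustration.

```python
import ipaddress
import shlex

# RFC 1918 private ranges; a MASQ rule is expected to name one of these as its source.
RFC1918 = [ipaddress.IPv4Network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample rules, in the same form as the rule in the post.
SAMPLE_RULES = """\
-A forward -s 192.168.0.0/24 -j MASQ
-A forward -j MASQ
-A forward -s 0.0.0.0/0 -j MASQ
-A forward -s ! 192.168.0.0/24 -j MASQ
-A input -s 10.0.0.0/8 -j ACCEPT
"""

def classify(source, negated):
    """Return 'ok', 'unscoped', 'public' or 'unparsed' for a MASQ rule's source."""
    if source is None or negated:
        return "unscoped"          # no -s, or "-s ! net": matches nearly everything
    try:
        net = ipaddress.IPv4Network(source, strict=False)
    except ValueError:
        return "unparsed"          # e.g. a hostname; review by hand
    if net.prefixlen == 0:
        return "unscoped"          # 0.0.0.0/0 is the same as no restriction
    return "ok" if any(net.subnet_of(r) for r in RFC1918) else "public"

def masq_findings(rules_text):
    """Return (line_no, source, verdict) for every MASQ rule on the forward chain."""
    findings = []
    for line_no, line in enumerate(rules_text.splitlines(), 1):
        tokens = shlex.split(line, comments=True)
        if tokens[:2] != ["-A", "forward"] or "-j" not in tokens:
            continue
        target = tokens[tokens.index("-j") + 1:]
        if not target or target[0] != "MASQ":
            continue
        source, negated = None, False
        if "-s" in tokens:
            rest = tokens[tokens.index("-s") + 1:]
            if rest and rest[0] == "!":
                negated, rest = True, rest[1:]
            source = rest[0] if rest else None
        findings.append((line_no, source, classify(source, negated)))
    return findings

if __name__ == "__main__":
    for finding in masq_findings(SAMPLE_RULES):
        print(finding)
```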