Re: [Sheflug] Security
> Nope.
>
> I've only got very basic rules in place right now, using this line to allow
> ip_masq'ing,
>
> -A forward -s 192.168.0.0/24 -j MASQ
>
> I've loaded the basic masq modules, I also use portsentry to deny anyone who
> portscans or does anything fun, and that's your lot.
>
> I'm going to play with my setup more over the coming weeks, but not too much
> to it.
>
> Baz.
>
Ahh...but I bet your INPUT and OUTPUT chains are empty and have a default
policy of ACCEPT. If you change the input policy to DENY, then you may have
to open specific ports for the quake/irc/real-video &c... services.
I don't know portsentry, so dunno what it does (or doesn't) do to the
firewall (if anything)...I stick with a standard ipchains firewall, and use
its packet logging :)
Maybe I'm mistaken...I don't do enough with masquerading to check this.
Chris...
--
@}-,'-------------------------------------------------- Chris Johnson --'-{ [at]
/ "(it is) crucial that we learn the difference / sixie [at] nccnet.co.uk \
/ between Sex and Gender. Therein lies the key / \
/ to our freedom" -- LB / www.nccnet.co.uk/~sixie \
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word
"unsubscribe" in the body of the message.
GNU the choice of a complete generation.
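
The check suggested in the reply above, as an added example that is not part of the original message: a small audit that reads an ipchains-save style dump and reports each built-in chain's default policy, rule count and logging rules. The `:chain POLICY` dump layout, the `eth1` interface name and both sample rule sets are assumptions constructed for illustration; only the forward MASQ rule comes from the thread.

```sh
#!/bin/sh
# Constructed sample: the quoted setup, assuming the default policies were
# never changed. Only the forward rule is taken from the thread.
sample_open() {
cat <<'EOF'
:input ACCEPT
:forward ACCEPT
:output ACCEPT
-A forward -s 192.168.0.0/24 -j MASQ
EOF
}

# Constructed sample: input policy DENY with explicit openings and a logged
# catch-all. eth1 (LAN side) is an assumed interface name.
sample_tight() {
cat <<'EOF'
:input DENY
:forward DENY
:output ACCEPT
-A input -i lo -j ACCEPT
-A input -i eth1 -s 192.168.0.0/24 -j ACCEPT
-A input -p tcp ! -y -j ACCEPT
-A input -j DENY -l
-A forward -s 192.168.0.0/24 -j MASQ
EOF
}

# Reads a dump on stdin and prints one line per chain:
#   <chain> policy=<P> rules=<n> logged=<n> <verdict>
# unfiltered = policy ACCEPT and no rules; review = policy ACCEPT with rules.
audit_chains() {
    awk '
        /^:/ { name = substr($1, 2); policy[name] = $2; order[++n] = name; next }
        $1 == "-A" { rules[$2]++; for (i = 3; i <= NF; i++) if ($i == "-l") logged[$2]++ }
        END {
            for (k = 1; k <= n; k++) {
                c = order[k]; verdict = "ok"
                if (policy[c] == "ACCEPT" && rules[c] == 0) verdict = "unfiltered"
                else if (policy[c] == "ACCEPT") verdict = "review"
                printf "%s policy=%s rules=%d logged=%d %s\n", c, policy[c], rules[c], logged[c], verdict
            }
        }'
}

sample_open | audit_chains
sample_tight | audit_chains
```

On a live ipchains host the same function can be fed the real dump, for example `ipchains-save | audit_chains`.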