[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sheflug] Firewall config - for Ross.



On Thursday 17 May 2001 13:24, you wrote:
> Ross, the firewall config I sent you is default DENY - but it will allow
> related connections back (you did patch your 2.4.3 kernel to fix the bug
> with that didn't you? If not upgrade to 2.4.4 or patch 2.4.3!).
>

dropped the firewall and now xhost is running :-)
i had already added some lines to the firewall to allow related packets 
through on ppp1 (my direct serial link) so i thought that should do it.
however..... you mention a patch for related pachets.... 
i  would hope that the latest kernel from mandrake was patched!
is there some way of checking?
i don't relish the idea of recomiling the kernel.... i've had bad experiances 
of this:-(
can i acespt all packets from ppp1? if so how?
the lines i added to the firewall are

iptables -A INPUT -i ppp1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i ppp1 -m state --state RELATED,ESTABLISHED -j ACCEPT

-- 
Thanks,
        Ross
               ross.h [at] ntlworld.com
____________________________________________________________________________
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word 
 "unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.