On 02/12/2016 11:10 AM, Bob Goodwin wrote:
> I have been messing with a firewall file and added the following:
>
>     config rule
>         option src lan
>         option src_ip 192.168.1.7
>         option dest wan
>         option target REJECT
>
> It works to prevent internet access from that IP. However I can still
> ping 8.8.8.8 which leaves me wondering if that is adequate isolation.
> Can that be improved on?
>
> I have never done anything with iptables and I am pushing my skill
> level in this but it is encouraging to have something actually work ...

Not sure which firewall you're using. Judging by your description of
its behavior, the odds are that the (unless otherwise specified) default
protocol the rules affect is TCP. If that's the case, yes, your rules
would prevent TCP-based activity (telnet, ssh, web, etc.) from working,
but would NOT prevent UDP-based traffic (normal DNS queries for instance)
or ICMP-based traffic (such as ping, traceroute, etc.).

There's a whole lot of protocols that come under the "IP" umbrella.
Dump out the content of /etc/protocols if you want to see a (fairly
complete, but not exhaustive) list of what's out there.

----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital    ricks@xxxxxxxxxxxxxx -
- AIM/Skype: therps2        ICQ: 226437340           Yahoo: origrps2 -
-                                                                    -
-  Diplomacy: The art of saying "Nice doggy!" until you can find a   -
-             big enough rock.                                       -
----------------------------------------------------------------------
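
As an added example (not part of the original messages): a small Python check that parses UCI-style `config rule` stanzas like the one quoted above and reports which of TCP, UDP and ICMP a REJECT/DROP rule leaves unmatched. The default protocol set (`tcp udp`) and the `proto all` value are assumptions modelled on OpenWrt-style firewalls, since the thread does not name the firewall; `parse_rules`, `uncovered` and the sample text are constructed here.

```python
import shlex

# Assumption: protocols matched when a rule has no "option proto" line.
# OpenWrt-style UCI firewalls document "tcp udp"; adjust for your firewall.
DEFAULT_PROTO = ("tcp", "udp")
CHECKED = ("tcp", "udp", "icmp")  # the protocol families named in the reply

def parse_rules(text):
    """Parse 'config rule' stanzas into dicts of option name -> value."""
    rules, current = [], None
    for raw in text.splitlines():
        tokens = shlex.split(raw, comments=True)  # handles quotes and '#'
        if not tokens:
            continue
        if tokens[0] == "config":
            # Only 'rule' stanzas are collected; other sections are skipped.
            current = {} if tokens[1:2] == ["rule"] else None
            if current is not None:
                rules.append(current)
        elif tokens[0] == "option" and current is not None and len(tokens) >= 3:
            current[tokens[1]] = " ".join(tokens[2:])
    return rules

def uncovered(rule, default=DEFAULT_PROTO):
    """Return the checked protocols that a blocking rule does NOT match."""
    if rule.get("target", "").upper() not in ("REJECT", "DROP"):
        return []  # not a blocking rule, nothing to audit
    protos = rule.get("proto", " ".join(default)).lower().split()
    if "all" in protos:
        return []
    return [p for p in CHECKED if p not in protos]

# Constructed sample: the rule from the thread, then a variant with proto all.
SAMPLE = """
config rule
    option src lan
    option src_ip 192.168.1.7
    option dest wan
    option target REJECT

config rule
    option src lan
    option src_ip 192.168.1.7
    option dest wan
    option proto all
    option target REJECT
"""

if __name__ == "__main__":
    for i, rule in enumerate(parse_rules(SAMPLE), 1):
        gaps = uncovered(rule)
        print(f"rule {i}:", "still passes " + ", ".join(gaps) if gaps else "covers all checked protocols")
```

With the assumed default, the first rule is reported as still passing ICMP, which matches the ping to 8.8.8.8 succeeding in the original question.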