need a volunteer

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



You might want to put an interface specifier on these rules;
otherwise somebody upstream can spoof ips through your firewall by making
internal ips show up on the external interface so di bind the rule to a
particular interface. This was a big problem with MS proxy 2
that wouldn't let you specify an interface for a particular rule.
On Sat, Oct 28, 2000 at 01:40:23PM -0500, Kirk Wood wrote:
> By the way any port can be instantly closed with ipchains. Again the
> general method is:
> 
> ipchains -A input -p tcp -d your_ip_address:port -j DENY
> 
> This will drop the packet as if it never occured. You can change the last
> part to REJECT in which case an icmp message is sent back to the
> originating host. But if you DENY the packet a port scanner won't see your
> machine. Don't rely on this to say you won't be attacked. It just lowers
> your profile.
> 
> By the way, while ATT at Home is less secure then some ISPs, the internet
> in general is a hostile world. If you really want to secure against it cut
> the connection. Next would be to find an ISP that will place you behind
> their firewall.
> 
> =======
> Kirk Wood
> Cpt.Kirk at 1tree.net
> 
> 
> 
> _______________________________________________
> Speakup mailing list
> Speakup at braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup

-- 
--
Kerry Hoath: kerry at gotss.eu.org
Alternates: kerry at emusys.com.au kerry at gotss.spice.net.au or khoath at lis.net.au
ICQ UIN: 62823451





[Index of Archives]     [Linux for the Blind]     [Fedora Discussioin]     [Linux Kernel]     [Yosemite News]     [Big List of Linux Books]
  Powered by Linux