--=-PQdZAvE8xFupjzLpjWpn Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hi Yes, all my chains default policies are set to DROP. I believe in taking the paranoid approach to security: assume everything is bad and then only allow what you know to go where you want it to. I'm sure you know the cliche by now :- 'where do you want to go today?' On Linux we know where we want to go ... Ray On Thu, 2002-11-14 at 07:08, Dharmendra.T wrote: > What is the default polic you have set for? I guess it is by dropping all= the=20 > packets froom the forward chain and then you are allowing accordingly. > Regards, > Dharmendra.T > Linux Security Expert > www.nsecure.net > dharmu@nsecure.net > On Wednesday 13 November 2002 20:31, Raymond Leach wrote: > > Hi > > > > Is there a way to put time restrictions on rules? > > For eaxmple, something like: > > > > iptables -A FORWARD -i eth0 -p tcp -sport 1024: -dport 1024: -time > > 0700:1700 -j DROP > > > > It would be nice ... > > > > Ray --=20 --=-PQdZAvE8xFupjzLpjWpn Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQA90ymsh1fuR/Bv+ygRAmZvAJ9ctaUpgF4clIp8yIgQrlUIfl7FBQCcD8YO KOy/ZJD+KlrmM1fEYLt2nDM= =xqpR -----END PGP SIGNATURE----- --=-PQdZAvE8xFupjzLpjWpn--
