On Mon, 2003-02-17 at 19:49, Eugene Joubert wrote:
> Is your webserver on your firewall?
>
> Also I would suggest moving your webserver to another server behind your
> firewall.
> Just my 5 cents.

The firewall is on the web server, yes. Future plans dictate that we will be purchasing new machines for a dedicated firewall and web server, etc., but right now we have to make do with 1 machine.

>
> PS:
> You could also set your OUTPUT Policy to default ACCEPT, but if you're really
> paranoid then just make it DROP
>

It is set to DROP because I am paranoid :) I'm so paranoid I was hoping to get away with just the 2 rules in the table, one for web in and one for web out, but as Joel Newkirk pointed out I need to allow some other "related" packets to traverse as well.

Thanks for your help :)
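An added example, not part of the original message or thread: a ruleset in iptables-restore format for the setup discussed above, with all policies set to DROP, one rule for web in, one for web out, and the extra RELATED rules. Port 80, the `conntrack` match and the choice to drop FORWARD are assumptions made for illustration.

```iptables
# Constructed example for a single host acting as both firewall and web server.
# Load with: iptables-restore < this-file
*filter

# Default-deny in every direction, including locally generated traffic.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]

# Web in: new and established connections to the web server (port 80 assumed).
-A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

# Web out: only replies that belong to a connection accepted above.
-A OUTPUT -p tcp --sport 80 -m conntrack --ctstate ESTABLISHED -j ACCEPT

# The "related" packets: traffic conntrack ties to an existing web connection,
# such as ICMP destination-unreachable / fragmentation-needed errors.
# Without these, path MTU discovery can stall large responses.
-A INPUT -m conntrack --ctstate RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate RELATED -j ACCEPT

COMMIT
```

With OUTPUT left at DROP, anything the host itself initiates (DNS lookups, package updates, loopback traffic) stays blocked until a rule is added for it.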