To Ralf, the netfilter team, and the whole of the OS community

How am I supposed to proxy apache? Why should I have to? Is it not a firewall's job to protect a system (and LAN behind it)? This is a very valid form of protection I'm asking for here.

A more detailed explanation of what I need is this, and I know I'm not alone in this as I have been corresponding with people who want the very same thing (cc if ya out there lemme hear ya.. post up with me here.) Anyone who runs apache and logs (which is EVERYONE who runs apache unless they are brain dead or don't care about security) is constantly BOMBARDED DAILY with CODE/RED and NIMDA (and I'm sure other types of invalid requests they would like to protect against). Knowing this... and knowing that the discard service is a very nice and clean way to sort of send things like this to the great packet /dev/null, I do not think it is too much to ask that iptables provide me a way to keep those invalid requests AWAY from my web server.

I should be able to route packets to the discard service without having to use the NAT table (although if that was even an option I would use it.) All my services run on ONE machine; NAT should not be necessary. If this can not be done I would love for someone to give me a half technical, half layman's terms explanation. I honestly don't think I'm asking so much of the iptables firewall that I should have to go proxying things and circumventing things here and there.

Much Respect to the netfilter team and the OS Community

SBlaze

--- Ralf Spenneberg <lists@xxxxxxxxxxxxxx> wrote:
> On Sat, 2003-08-16 at 00.09, SBlaze wrote:
> > How can I separate requests to a machine by a matched string? Once this is
> > done how can I then direct certain requests one way and certain requests another
> > way (doesn't need to be another IP but does need to be another port)?
> Use a proxy. They were made for application filtering.
>
> Cheers,
>
> Ralf
> --
> Ralf Spenneberg
> RHCE, RHCX
>
> Book: Intrusion Detection für Linux Server http://www.spenneberg.com
> IPsec-Howto http://www.ipsec-howto.org
> Honeynet Project Mirror: http://honeynet.spenneberg.org

=====
"Winky is not knowing how sir, winky is not knowing how?"
-=Winky / Harry Potter and the Goblet of Fire=-"