Hello list,
I've had quite a bit of trouble setting up nat rules on my iptables home
network firewall. Machines behind my firewall box couldn't host games, use
bittorrent efficiently, that type of thing. Not that nothing works. I've
been surfing, playing games and ftp'ing happily for a while. My problems
were nat-specific.
I have known for a while my problems were related to my default chain
policies. I never wanted to compromise security, so I set all of input and
nat chains to DROP. I left the mangle to accept (never took time to
understand this table). Is this excessive security? I find such a firewall
quite hard to maintain because you need to know exactly how chains are
traversed.
I am thinking of setting all chains to ACCEPT except the INPUT chain. Is this
minimalist security? This is one chain I think should not be open.
Where to draw the line for a home network?
Thanks for sharing your thoughts!