hi, okay now im seriously wanted to convert the default ACCEPTED fw machine by my predecessor to default DROP. coz it is very hard to maintain ACCEPTED fw and im getting tired of monitoring tcpdump and then adding new rules to firewall script. As I told before it is a small ISP (limitations: no more then 150 users at a time) and our clients connected to us via dialup. Before going to deploy my desired fw script I want to monitor the users traffic for a while may be I would go outside and interview few cyber cafes, to decide *what* to DROP and which packets to allow. Remember our clients are not that power users, very normal in nature, when online majority of them acccessing port 80, IM, chatting, emailing, irc etc. we have setup a cache "squid" for port 80 related things and its doing very well. Therefore I thinks it would not be difficult to deploy default DROP script, yes may be in starting days we could loose few clients ;) As im kinda new to security and iptables stuff, however I want to prove that this sort of policy is possible in ISP (small) enviroment . =now can someone guide me what is the good way to monitor traffic i-e what ports clients accessing and then in teh light of this i would finialize my script. = any sample scripts for such enviroment and links ? Any other suggestions would be greatly appreciated. regards Askar -- (after bouncing head on desk for days trying to get mine working, I'll make yer life a little easier)
