On Fri, 2004-12-17 at 18:40, Jeffrey Laramie wrote:
> On Friday 17 December 2004 18:17, Jason Opperisano wrote:
> > On Fri, 2004-12-17 at 18:01, Jeffrey Laramie wrote:
> > > Agreed, but is that any reason to make it easier for them? I use similar
> > > rules which BTW are out of Oskar's Tutorial. While I thankfully haven't
> > > seen it yet on a Linux box (and with any luck I won't), on Windows boxes
> > > it's not unusual for programs to create or use interfaces and assign IPs
> > > to them and then use these interfaces to query your network. AOL does
> > > this constantly and although I believe they are trying to determine the
> > > most appropriate server to assign to your connection, it's still
> > > unnerving to see public IPs on your LAN. :-p
> >
> > then the rules should have interface restrictions as well. do or do not
> > do, there is no try.
>
> Huh? If it's not an IP you assigned why let it out on any interface? I'm not
> sure I follow you here.

sorry, i suppose i wasn't very clear--what i meant was...instead of using
a rule that says:

  iptables -A OUTPUT -s $LAN_IP -j ACCEPT

restrict it by interface as well as by IP:

  iptables -A OUTPUT -o $LAN_IF -s $LAN_IP -j ACCEPT

this is all a matter of opinion. i'm not trying to dictate anything here.

> On a separate note, I want to take a second to thank you for the time you've
> put in over the last months helping the less knowledgeable (such as myself!). I
> appreciate your efforts.

my pleasure.

--
"Yes, yes, I know the procedure for armed robbery. I do work in a
convenience store, you know."
--The Simpsons
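
Added example, not part of the original message or of any poster's ruleset: a shell sketch that emits OUTPUT rules pairing each source IP with its own interface (followed by a log-and-drop catch-all), and an audit function that flags source-only ACCEPT rules in `iptables -S OUTPUT` output. The function names, interface names, addresses and sample ruleset are constructed assumptions.

```shell
#!/bin/sh
# Added example. All interface names and addresses below are constructed.

# Emit OUTPUT rules that tie each source IP to the interface it is assigned
# to, then log and drop everything else. Arguments are "interface=ip" pairs.
output_rules() {
    for pair in "$@"; do
        ifname=${pair%%=*}
        ip=${pair#*=}
        printf 'iptables -A OUTPUT -o %s -s %s -j ACCEPT\n' "$ifname" "$ip"
    done
    printf 'iptables -A OUTPUT -j LOG --log-prefix "OUTPUT drop: "\n'
    printf 'iptables -A OUTPUT -j DROP\n'
}

# Read rules in `iptables -S OUTPUT` format on stdin and print every ACCEPT
# rule that matches a source address without naming an output interface.
find_loose_rules() {
    while IFS= read -r rule; do
        case "$rule" in
            "-A OUTPUT "*"-j ACCEPT"*) ;;
            *) continue ;;
        esac
        case " $rule " in
            *" -o "*) ;;                        # restricted by interface
            *" -s "*) printf '%s\n' "$rule" ;;  # source IP only
        esac
    done
}

# Constructed sample of `iptables -S OUTPUT` output with one source-only rule.
sample_ruleset() {
    cat <<'EOF'
-P OUTPUT DROP
-A OUTPUT -s 127.0.0.1/32 -o lo -j ACCEPT
-A OUTPUT -s 192.168.0.1/32 -j ACCEPT
-A OUTPUT -s 203.0.113.10/32 -o eth0 -j ACCEPT
EOF
}
```

`output_rules` only prints commands; review them before running them as root. On a live host, `iptables -S OUTPUT | find_loose_rules` performs the same audit as the sample.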