On Mon, 14-02-2005 at 17:32 -0500, Jason Opperisano wrote:
> for the sake of clarity. when someone asks, "how do i allow http into
> my machine" it seems clearer to say:
>
> iptables -A INPUT -p tcp --syn --dport 80 -j ACCEPT
>
> rather than:
>
> iptables -A INPUT -m state --state NEW -p tcp --syn \
> --sport 1024:65535 --dport 80 -j ACCEPT
>
> you're not going to make me add a disclaimer to all my posts that says
> "any rules are included to clarify a point of discussion. do not use
> the rules posted without understanding the full security implications of
> such an act. firewall rules lasting more than four hours require
> medical attention."

Thanks for the info. I was really bothered by this matter. I thought
it was OK, but after reading your posts I was really confused.

Regards.

--
Jose Maria Lopez Hernandez
Technical Director, bgSEC
jkerouac@xxxxxxxxx
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"