Thanks for all the tips, I'll review my rules with this new knowledge.
One thing I did want to mention was I didn't mean to leave the REJECT
statements in there. I had those there for some testing I was doing,
forgot to take them out.
Thanks!
Thanks,
Chris Miller
ServerMotion
www.servermotion.com
On Jun 27, 2006, at 11:50 AM, Martijn Lievaart wrote:
Chris Miller wrote:
Are these all addresses of the firewall? If not, these rules will
not do anything. If yes, why bother?
If your policy is set to ACCEPT, this will break things (most
notably PMTUD). If your policy is set to DROP, why reject these?
Also note that if these are all the addresses of the firewall
itself, the same can be achieved by simply saying
iptables -A INPUT -p icmp -j REJECT --reject-with icmp-port-unreachable