Re: Quick iptables help

Author: Alan Dayley
Date:  
To: Main PLUG discussion list
Subject: Re: Quick iptables help
> While it's not exactly coding, it sounds perfect for tonight's hackfest.

Yes, well, it literally IS for tonight's meeting/hackfest. We upgraded
the firewall and I did not get around to making this change to the DMZ
behavior. The previous version had an addon to provide this change but
the new version does not support that addon. Our wired connection to the
Internet will not do well without this change since the DMZ is where the
visitor net lives.

> You might want to restate your policy more like:
>
> - drop everything not explicitly allowed
> - allow everything from eth1 to eth2
> - (etc)


It appears to already do the drop policy first, as you say. I think we
just need "the allow everything from eth1 to eth2" and we'll be good to
go.

> I.e., you should have a default policy of dropping, and the rest of the
> rules allow things. It's safer and easier in the end.


Good point.

Alan


---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss