On Tuesday 19 October 2004 13:12, Barry O'Donovan wrote:
> > Will they be able to get past my firewall?
> > (I'm running the standard shorewall setup.)
>> If you have those log messages they already are past your firewall.
> Either it's not running, it's not configured properly or you've
> configured it to allow SSH access through.
That is what I thought.
However, I just followed the model in the shorewall "two-interfaces" setup.
I must say I don't understand the resulting iptables listing:
=======================================
[root@alfred shorewall]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level warning
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:time
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:time

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
=======================================
This seems very open to me.
--
Timothy Murphy
e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland
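
An added example, not part of the original post: a Python check over an `iptables -L` listing like the one above. It reports built-in chains whose policy is ACCEPT with no rules, and rules that accept all traffic with no match shown. The names `parse` and `audit` are made up for illustration; the embedded listing is the one from the post with its wrapped lines rejoined.

```python
import re

# Listing from the post, with the wrapped "state" lines rejoined.
LISTING = """\
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level warning
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:time
ACCEPT tcp -- anywhere anywhere tcp dpt:time
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
"""

# Built-in chains show "(policy X)"; user-defined chains show "(N references)".
CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\w+)|\d+ references)")

def parse(listing):
    """Map chain -> {"policy": str or None, "rules": [(target, prot, src, dst, match)]}."""
    chains, cur = {}, None
    for line in map(str.strip, listing.splitlines()):
        m = CHAIN_RE.match(line)
        if m:
            cur = chains.setdefault(m.group(1), {"policy": m.group(2), "rules": []})
        elif cur is not None and line and not line.startswith("target"):
            f = (line.split(None, 5) + [""] * 6)[:6]  # pad short lines
            cur["rules"].append((f[0], f[1], f[3], f[4], f[5]))
    return chains

def audit(listing):
    """Flag what makes a listing look 'very open', as far as plain -L can show."""
    out = []
    for name, c in parse(listing).items():
        if c["policy"] == "ACCEPT" and not c["rules"]:
            out.append(f"{name}: policy ACCEPT and no rules, so nothing is filtered")
        for r in c["rules"]:
            if r[:2] == ("ACCEPT", "all") and not r[4] and {r[2], r[3]} <= {"anywhere", "0.0.0.0/0"}:
                # Plain -L hides interface matches; -v adds the in/out columns.
                out.append(f"{name}: ACCEPT all, anywhere to anywhere (check with -L -v -n)")
    return out

if __name__ == "__main__":
    print("\n".join(audit(LISTING)))
```

FORWARD only covers traffic routed through the machine; connections to the machine itself are decided by INPUT, which in this listing accepts everything.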