From: Philip Reynolds (phil at domain redbrick.dcu.ie)
Date: Fri 28 Jul 2000 - 09:21:12 IST
Conor Daly's [conor.daly at domain oceanfree.net] 39 lines of dribble included:
:>Usual method for secure firewalls is to set the default policy to DENY and
:>then add rules for the things you want to allow. If you keep the ACCEPT
:>policy, then you need to think of every little route in that you might want to
:>block. If you've forgotten something, that bit of networking won't work
:>(using DENY policy) and you'll figure it out and fix it while if you've forgotten
:>something (using ACCEPT policy) you'll figure it out when your server gets
:>That's the way I have my ipchains ruleset.
It's the most secure method, but not neccessarily the handiest. It's as long
as it as short, you've also got to open up every little port you're using if
you DENY everything.
This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:07:00 GMT