Re: [ILUG] ipchains default policy

From: Philip Reynolds (phil at domain redbrick.dcu.ie)
Date: Fri 28 Jul 2000 - 09:21:12 IST


Conor Daly's [conor.daly at domain oceanfree.net] 39 lines of dribble included:
:>Usual method for secure firewalls is to set the default policy to DENY and
:>then add rules for the things you want to allow. If you keep the ACCEPT
:>policy, then you need to think of every little route in that you might want to
:>block. If you've forgotten something, that bit of networking won't work
:>(using DENY policy) and you'll figure it out and fix it while if you've forgotten
:>something (using ACCEPT policy) you'll figure it out when your server gets
:>"rooted"!
:>
:>That's the way I have my ipchains ruleset.

It's the most secure method, but not necessarily the handiest. It's as long
as it is short, you've also got to open up every little port you're using if
you DENY everything.
Phil.
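
The trade-off discussed in this thread, as an added example that is not part of the original messages: a small model of a first-match packet filter with a chain default policy (as set by `ipchains -P input DENY` or `ACCEPT`), audited against the services on a host. The host, its listening ports and both rulesets are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    proto: str   # "tcp" or "udp"
    port: int    # destination port
    target: str  # "ACCEPT" or "DENY"

def verdict(rules, policy, proto, port):
    """First matching rule wins; the chain policy decides everything else."""
    for r in rules:
        if (r.proto, r.port) == (proto, port):
            return r.target
    return policy

def audit(rules, policy, listening, intended):
    """Classify each listening service by what the ruleset does to it."""
    report = {"exposed_unintended": [], "blocked_intended": []}
    for svc in sorted(listening):
        v = verdict(rules, policy, *svc)
        if v == "ACCEPT" and svc not in intended:
            report["exposed_unintended"].append(svc)   # silent failure
        elif v != "ACCEPT" and svc in intended:
            report["blocked_intended"].append(svc)     # visible breakage
    return report

# Constructed sample host: what is listening vs. what should be reachable.
LISTENING = {("tcp", 22), ("tcp", 25), ("tcp", 80),
             ("tcp", 111), ("udp", 111), ("tcp", 6000)}
INTENDED = {("tcp", 22), ("tcp", 25), ("tcp", 80)}

# Default DENY: every port must be opened by hand; SMTP was forgotten.
DENY_RULES = [Rule("tcp", 22, "ACCEPT"), Rule("tcp", 80, "ACCEPT")]
# Default ACCEPT: only the routes in that were thought of are blocked;
# UDP portmapper and X11 were forgotten.
ACCEPT_RULES = [Rule("tcp", 111, "DENY")]

def compare():
    return {
        "DENY": audit(DENY_RULES, "DENY", LISTENING, INTENDED),
        "ACCEPT": audit(ACCEPT_RULES, "ACCEPT", LISTENING, INTENDED),
    }

if __name__ == "__main__":
    for policy, report in compare().items():
        print(policy, report)
```

A forgotten rule under DENY shows up as a service that stops working; a forgotten rule under ACCEPT shows up only as a service that is reachable when it should not be.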


