Re: [ILUG] ipchains default policy

From: Martin Feeney (martin at domain tuatha.org)
Date: Fri 28 Jul 2000 - 10:45:27 IST


On 28 Jul 00, at 9:21, Philip Reynolds wrote:

> It's the most secure method, but not necessarily the handiest. It's as long
> as it is short, you've also got to open up every little port you're using if
> you DENY everything.

But, you don't just "throw together" a firewall. They have to have some
planning. The most secure (and in fact it probably is the handiest) is
default to DENY, then allow all your internal machines outgoing access.
If you need incoming it's only one rule per port. There are 65536
possible ports (TCP and UDP) giving 131072 different port/protocol
combinations most of which you would have to specifically deny otherwise.
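A default-DENY ipchains ruleset of the kind described above, as an added example that is not part of the thread. The interface name, internal network and port list are assumed placeholders, and the function prints the commands for review instead of running them (pipe its output through sh on an ipchains host to apply it).

```shell
#!/bin/sh
# Added example, not from the original posts. Usage:
#   gen_ipchains_rules EXT_IF INT_NET [TCP_PORT ...]
# Prints an ipchains ruleset: default policy DENY on every chain, outgoing
# access for the internal network, and one ACCEPT rule per inbound port.
gen_ipchains_rules() {
    ext_if=$1      # interface facing the Internet (assumed, e.g. eth0)
    int_net=$2     # internal LAN (assumed, e.g. 192.168.1.0/24)
    shift 2        # remaining arguments: TCP ports to allow inbound

    # 1. Flush each chain and set the default policy: nothing passes unless
    #    a later rule explicitly allows it.
    for chain in input output forward; do
        echo "ipchains -F $chain"
        echo "ipchains -P $chain DENY"
    done

    # 2. Loopback traffic is always allowed.
    echo "ipchains -A input -i lo -j ACCEPT"
    echo "ipchains -A output -i lo -j ACCEPT"

    # 3. Anti-spoofing: internal source addresses must never arrive on the
    #    external interface; log and drop them.
    echo "ipchains -A input -i $ext_if -s $int_net -l -j DENY"

    # 4. Internal machines get outgoing access, masqueraded on the way out.
    echo "ipchains -A forward -i $ext_if -s $int_net -j MASQ"
    echo "ipchains -A output -i $ext_if -j ACCEPT"

    # 5. Replies to connections we opened: TCP packets that are not a bare
    #    SYN (! -y). UDP replies for the firewall host itself (e.g. DNS)
    #    would need their own rule; not shown here.
    echo "ipchains -A input -i $ext_if -p tcp ! -y -j ACCEPT"

    # 6. One rule per inbound service: the per-port cost the thread mentions.
    #    Only the initial SYN needs this rule; rule 5 accepts the rest.
    for port in "$@"; do
        echo "ipchains -A input -i $ext_if -p tcp -d 0/0 $port -y -j ACCEPT"
    done

    # 7. Log whatever falls through before the default policy denies it.
    echo "ipchains -A input -i $ext_if -l -j DENY"
}
```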



This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:07:01 GMT