firewall configuration

[V13]

On Friday 26 March 2004 16:48, Tsabros Leonidas wrote:
> Xoris na thelo na sas prikso kai exontas katalavei mod doylevei afto to
> modelo client - server , tote den tha boro na kratiso sto firewall
> to OUTPUT policy DROP kai na xrisimopoihso enan kanona toy stil
>
> iptables -A OUTPUT -p tcp --sport 80 -m state --state RELATED,ESTABLISHED
> -j ACCEPT
> iptables -A OUTPUT -p tcp --sport 22 -m state --state RELATED,ESTABLISHED
> -j ACCEPT
>
> Tespa xrisimopoiontas aftqa ta rules doylepsane ta services kanonika. H
> aporia moy einai an tha iparxei kapoio drawback stin oli ipothesi me afta
> ta rules to opoio den ksero logo aperias.

Kallo einai na afineis kai ta ICMP. H yparksi toys boithaei th leitoyrgeia toy 
IP kai toy TCP me diaforoys tropoys kai s'afinei na mporeis na kaneis kai 
traceroute/ping. An eisai paranoikos mporeis na kopseis mono ta icmp echo 
requests stin incoming kinisi (input chain) xoris na yparksei problima.

Episis, exeis alla rules gia tin incomming kinisi, h stirizesai mono sta 2 
parapano ? 

<<V13>>