Security Basics mailing list archives

Re: Iptables Clues and Advices.


From: Christian Friedl <xian () mediaclan at>
Date: Fri, 04 Apr 2003 14:06:17 +0200 (METDST)

Nahual Guerrero <nahual () axis org> writes on Wed, 02 Apr 2003 22:55:55 +0200 (METDST):

> my $iptfh = 'iptables -F';
> my $iptin = 'iptables -A INPUT -j DROP -p tcp -s ! 127.0.0.0/255.255.255.0 --destination-port';
> my $iptil = 'iptables -A INPUT -j LOG -p tcp -s ! 127.0.0.0/255.255.255.0 --destination-port';
> my $iptol = 'iptables -A OUTPUT -j LOG';
> my $iptfl = 'iptables -A FORWARD -j LOG';
>
> system ("clear");
> print "Tirando de la Cadena....\n";

Hm... well first off, it's always better to change the default rule of
the table to REJECT and only after that allow the ports you actually
use. I know... it's a lot of work, but far more secure, and you learn an
awful lot (like not to forget to allow nameserver connects ;-), or if
you're doing it remotely, how to charm a malevolent sysadmin into
resetting those darn rulesets *g*)

Second... -j LOG on everything must produce incredibly large logfiles!?
And thirdly, what does "Tirando de la Cadena" mean? :-)

c
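The default-deny ruleset the reply recommends, written out as an added example (this is not code from either poster): a POSIX shell script that builds INPUT the way Christian describes, allowing what the host actually needs first, logging the remainder with a rate limit so `-j LOG` cannot fill the disk, and only then switching the chain to default deny. The management network, SSH port and served ports are constructed placeholders. Two details a practitioner wants here: the conntrack ESTABLISHED,RELATED rule and the admin rule are appended before the policy change, so the remote session applying the rules survives and replies to the host's own nameserver queries keep flowing; and `iptables -P` only accepts ACCEPT or DROP as a chain policy, so the REJECT the reply mentions would have to be a final rule rather than the policy itself. `DRY_RUN=1` prints the commands instead of running them, which is how the ruleset is reviewed before it touches a remote box.

```shell
#!/bin/sh
# Added example, not from the original thread: default-deny INPUT chain.
# All addresses and ports below are constructed placeholders.

ADMIN_NET="${ADMIN_NET:-192.0.2.0/24}"     # constructed: where admin SSH comes from
SSH_PORT="${SSH_PORT:-22}"                 # constructed: admin port
SERVICE_PORTS="${SERVICE_PORTS:-80 443}"   # constructed: ports this host serves

# ipt: run iptables, or just print the command when DRY_RUN=1.
ipt() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

apply_rules() {
    ipt -F INPUT
    # 1. Keep existing sessions (including the one applying this) alive before
    #    anything restrictive. Replies to our own DNS queries arrive as
    #    ESTABLISHED too, which covers the "nameserver connects" mistake.
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -i lo -j ACCEPT
    # 2. Admin access only from the management network.
    ipt -A INPUT -p tcp -s "$ADMIN_NET" --dport "$SSH_PORT" -m conntrack --ctstate NEW -j ACCEPT
    # 3. The services this host is meant to offer, nothing else.
    for port in $SERVICE_PORTS; do
        ipt -A INPUT -p tcp --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
    done
    # 4. Log what is about to be dropped, rate-limited so the logfile stays
    #    bounded even under a flood (the reply's second point).
    ipt -A INPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "IPT-DROP: "
    # 5. Default deny last. -P takes only ACCEPT or DROP; a REJECT would be
    #    appended as a final rule instead.
    ipt -P INPUT DROP
}

# Usage: "sh firewall.sh dry-run" to review, "sh firewall.sh apply" to load.
case "${1:-}" in
    dry-run) DRY_RUN=1 apply_rules ;;
    apply)   apply_rules ;;
esac
```

Running `DRY_RUN=1 apply_rules` first and reading the printed commands top to bottom is the check: the ESTABLISHED rule must be the first thing after the flush and the policy change the last, otherwise the script is the "charm a malevolent sysadmin" scenario from the reply.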
