RE: IPChains leak for UDP!?
From: Peter Mueller (pmueller@sidestep.com)
Date: 10/31/01
- Previous message: Timothy Carey: "SFTP + Chroot"
- Maybe in reply to: Sanjeev B.S.: "IPChains leak for UDP!?"
Message-ID: <37328159548B4242A34141B1A69CDB730323A7@exchange.sidestep.com>
From: Peter Mueller <pmueller@sidestep.com>
To: "'Sanjeev B.S.'" <sanjeev@mbu.iisc.ernet.in>, focus-linux@securityfocus.com
Subject: RE: IPChains leak for UDP!?
Date: Wed, 31 Oct 2001 13:38:32 -0800

|I configured ipchains in the following way in the order given below.
|1) Default ACCEPT for input and output and DENY for forward.

default policy should be deny, then add your rules, then add a 'logger'
catch-deny statement at the bottom.

I believe you are under the mistaken assumption that you need to have
default policy ACCEPT then DENY it later in a -A rule, right? < I think I
did the same thing a while back :P >

(( what UDP might you require? on my boxes the only thing UDP is useful for
is NTP & return packets for my gateway box.. too bad you can't do a ! -y
with udp :( ))

Peter
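
The rule ordering described in the reply above (default DENY policy, explicit allows, logging catch-all deny last), sketched as an added example that is not part of the original message or thread. The interface name, the NTP server address and the choice of NTP as the only permitted UDP service are assumptions; by default the script only prints the commands.

```shell
#!/bin/sh
# Added example: default-DENY ipchains input chain with a logging catch-all.
# EXT_IF and NTP_SERVER are constructed placeholder values (assumptions).
EXT_IF="eth0"
NTP_SERVER="192.0.2.10"

# Dry run by default: commands are printed, not executed.
# Set IPCHAINS=/sbin/ipchains in the environment to apply them for real.
IPCHAINS="${IPCHAINS:-echo ipchains}"

build_input_chain() {
    # 1) Default policy first, so anything unmatched is dropped even if a
    #    later rule is missing or mistyped.
    $IPCHAINS -P input DENY
    $IPCHAINS -P forward DENY
    $IPCHAINS -F input

    # 2) Explicit allows.
    $IPCHAINS -A input -i lo -j ACCEPT

    # TCP replies: "! -y" matches packets without the SYN-only flag pattern,
    # so inbound connection attempts fall through to the deny below.
    # ipchains is stateless, so this is a flag check, not connection tracking.
    $IPCHAINS -A input -i "$EXT_IF" -p tcp ! -y -j ACCEPT

    # UDP has no SYN flag, so there is no "! -y" equivalent. Pin the rule to
    # the peer address and both ports instead of opening UDP broadly.
    # Assumes an ntpd-style client that uses port 123 on both ends.
    $IPCHAINS -A input -i "$EXT_IF" -p udp -s "$NTP_SERVER" 123 -d 0/0 123 -j ACCEPT

    # 3) Logging catch-all deny at the bottom (-l writes matches to the kernel
    #    log), so every dropped packet is visible when reviewing the ruleset.
    $IPCHAINS -A input -j DENY -l
}

build_input_chain
```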