Re: POP-before-SMTP/log2db/RH 6.2/Sendmail 8.11/Cyrus-SASL
From: Alan W. Frame (alan.frame@acm.org)Date: 02/01/02
- Previous message: Alan W. Frame: "Re: samhain vs tripwire"
- In reply to: Tim Haynes: "Re: POP-before-SMTP/log2db/RH 6.2/Sendmail 8.11/Cyrus-SASL"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: alan.frame@acm.org (Alan W. Frame) Date: Fri, 1 Feb 2002 02:02:26 +0000
Tim Haynes <usenet@stirfried.vegetable.org.uk> wrote:
> Michael Heiming <michael+USENET@heiming.de> writes:
>
> [snip]
> > Sure, the 2.4 kernel has iptables, but how should those statefull
> > features help you, assuming from the OP, the connecting comes from
> > somewhere outside (roaming users), so you need to open port 110 anyway
> > and 25 needs to be open to the outside either,
>
> You can always
> -A INPUT -m state --state INVALID -j DROP
> before you open 25.
>
> (As it happens, I do, too.)
Well, yeah, OK.
If one were to be of the view that --state ESTABLISHED, RELATED is
merely a crutch for those that are too lazy to explicity list the
replies that they are allowing, then what /other/ advantages to we get
from statefulness?
Yes, I've been re-writing old ipchains !y rules recently.
rgds, Alan
-- 99 Ducati 748BP, 95 Ducati 600SS, 81 Guzzi Monza, 74 MV Agusta 350 "Ride to Work, Work to Ride" SI# 7.067 DoD#1930 PGP Key 0xBDED56C5
- Next message: Jim Chisholm: "Re: MTAs,Antivirus software, Spam"
- Previous message: Alan W. Frame: "Re: samhain vs tripwire"
- In reply to: Tim Haynes: "Re: POP-before-SMTP/log2db/RH 6.2/Sendmail 8.11/Cyrus-SASL"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
