Re: A Question On Ipchains Input Rules
From: Newsbox (newsbox_at_MAPS_ON_customers-of-adelphia.org)
Date: 12/25/03
- Previous message: chris_at_nospam.com: "Re: Port 135 Probes Continue"
- In reply to: Thomas Dineen: "A Question On Ipchains Input Rules"
- Next in thread: NeoSadist: "Re: A Question On Ipchains Input Rules"
Date: Thu, 25 Dec 2003 03:40:36 -0500
On Wed, 24 Dec 2003 19:08:25 -0500, Thomas Dineen wrote:
> Gentlepeople:
>
> I am having a strange difficulty with ipchains on
> RedHat 7.2. The forwarding rules shown below work great when used stand
> alone without the input rules. The performance of the forwarding rules
> seems to match that described in the documentation and also seems
> intuitive.
> [...]
One thing you are doing wrong is to be using ipchains instead of iptables.
No one uses ipchains, because iptables is better. iptables came online
with the 2.4 kernel, quite some time ago. If you are not using at least a
2.4 kernel, then (sorry to say) you are hopelessly out of date. Your
Internet-connected security will suffer, whatever ipchains rules that you
set. ... Looks like you have some reading to do. Try:
man chkconfig
ipchains must be set to _not_ start if you expect iptables to work.
man iptables
People get paid good money to write books on iptables, and I am not one
of them. But this is where you start.
Sorry that I didn't critique the rest of your post; I thought this was
the best suggestion I could make.
Best wishes.
-- Remove the backwards _NO_SPAM for e-mail ... Trying to cut down on the backwards NEWS virus mail Thanks !!