Re: IPTABLES options questions
From: Alan Guy (nospam@myhouse.com) Date: 06/16/02
From: Alan Guy <nospam@myhouse.com> Date: Sun, 16 Jun 2002 11:18:05 -0400
> After reading and experimenting, I've seen two basic approaches to
> firewalling :
>
> A. Explicit rules to ACCEPT certain packets and DENY/REJECT all others
> (by policy)
> B. Same as A, but add more rules to specifically DROP/REJECT certain
> packets.
>
> Q3: What do the extra rules in "B" buy me? Assume examples from
> Andreasson's 1.1.9 tutorial, and Ziegler's "Linux Firewalls, 2nd ed"
> book. Is this approach for the belt & suspenders crowd?
I'm very new to Linux and iptables, but I'll give *my* 2 cents on this:
(for me) on a stand-alone pc with a dial-up internet connection - since the
overarching Policy is to DROP everything except what is specifically
allowed, the *only* reason *I* have for separate Reject/Drop rules is
twofold:
1.) To reject a packet in a certain *manner*, i.e. with a limit or
burst-limit set (if desired).
2.) To establish logging criteria for Rejected/Dropped packets.
-- Alan
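
The two reasons given in the reply above (rejecting in a chosen manner, and logging what the policy would otherwise drop silently), shown as an added example that is not part of the original post. The `ipt` and `build_rules` helpers, the `DRY_RUN` switch, port 113 and the limit values are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example with constructed rules; not taken from the thread.
# DRY_RUN=1 (default) prints each iptables command; DRY_RUN=0 applies it (root).
DRY_RUN="${DRY_RUN:-1}"

# Hypothetical wrapper: print or execute one iptables invocation.
ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

build_rules() {
    # Approach A: default-deny policy plus explicit ACCEPT rules.
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Approach B, reason 1: reject in a specific manner.
    # ident (113/tcp) is answered with a TCP reset so the remote side does
    # not wait for a timeout. The limit match caps how many resets are sent;
    # packets above the limit fall through to the rules below.
    ipt -A INPUT -p tcp --dport 113 -m limit --limit 3/second \
        --limit-burst 5 -j REJECT --reject-with tcp-reset

    # Approach B, reason 2: logging criteria.
    # LOG is non-terminating and sits last, so only packets that no ACCEPT
    # rule matched are logged, at a bounded rate so a flood cannot fill
    # the disk. The prefix has no space so dry-run output can be re-run.
    ipt -A INPUT -m limit --limit 5/minute --limit-burst 10 \
        -j LOG --log-prefix fw-input-drop: --log-level 4

    # No explicit DROP rule: the INPUT policy discards whatever is left.
}

build_rules
```

Without the last two rules the host still drops the same packets; they only change how one port is refused and what ends up in the kernel log.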