LinuxSA Mailing list archives

  From: Andrew McDonnell <andymc73@yahoo.com.au>
  To  : <linuxsa@linuxsa.org.au>
  Date: Fri, 13 Jul 2001 23:06:37 +1000 (EST)

Re: IPCHAINS stoping outgoing traffic

On Fri, 13 Jul 2001 Michael Kratz wrote:

> Hi all,
> 
> I am having a problem with a redhat 7.1 box, the
> firewall that has been auto 
> setup seems to be restricting traffic out of the box
> itself, ie. ntp 
> updates, dig updates of root.hints, etc. can someone
> direct me as to what 
> ports to add and/or what to add to the file. Also I
> am not too savvy with 
> ipchains yet can someone tell me whether this is
> sufficient with a private 
> network on eth0 and internet routeable address on
> ppp0, ie. private net is 
> getting access through squid, no MASQ??
> 

<snipped>

One "rule of thumb" I have seen repeated, is to DENY
everything & then explicitly enable what you need,
rather than allowing everything in & then disabling it
afterward. 

There was an excellent article in the (May? June?)
Silicon Chip magazine that I used to create my own
firewall.

So basically I DENY all, allow everything on eth0 & lo
and then specific services on ppp0

Andrew



=====
-----------------------
www.comptroubsa.com
www.andrewmcdonnell.net

_____________________________________________________________________________
http://messenger.yahoo.com.au - Yahoo! Messenger
- Voice chat, mail alerts, stock quotes and favourite news and lots more!

-- 
LinuxSA WWW: http://www.linuxsa.org.au/  IRC: #linuxsa on irc.linux.org.au
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject