I wondered about the same thing... BTW, ipmasq as installed has almost no firewall capability unless you add scripts to it. But they have cure script to autodetect ethernet ports.

Anyway, I ended up adding several firewall scripts in ipmasq style and put them in the /etc/ipmasq/rules directory. You can see my scripts at www.aokiconsulting.com/pub. After doing so, I feel like it may be easier to have all the scripts in one file. Too many small scripts.

Osamu

On Tue, Jan 09, 2001 at 03:11:09AM +0100, Carel Fellinger wrote:
> I sent the following to debian-firewall, but no one reacted, so I try here.
>
> =========================
>
> Hai and a jolly new year,
>
> I'm in the process of switching from pmfirewall to ipmasq. I've read
> a lot, and now I'm confused:)
>
> I thought rp_filter was supposed to prevent ip spoofing, but ipmasq
> still adds rules like:
>
> ipchains -A input -j DENY -i ! lo -s 127.0.0.1/255.0.0.0 -l
> ipchains -A input -j DENY -i ! eth1 -s 192.168.1.1/255.255.255.0 -l
>
> Am I correct in assuming this is only done to get the logging?
>
> The second point of confusion is here:
>
> ipchains -A output -j DENY -i ! eth1 -d 192.168.1.1/255.255.255.0 -l
>
> Is this just the routing being checked by ipchains rules? Am I correct
> in assuming this would be useless on a well configured machine?
>
> --
> groetjes, carel

--
+ Osamu Aoki <[EMAIL PROTECTED]>, GnuPG-key: 1024D/D5DE453D +
+ Fingerprint: 814E BD64 3288 40E7 E88E 3D92 C3F8 EA94 D5DE 453D +
+ === http://www.aokiconsulting.com ======= Cupertino, CA USA === +