On Sun, 2 Feb 2003 16:44:00 -0800 (PST), exits funnel wrote:

> > Yes. And reply packets are not covered at all by that rule. And
> > without knowing the complete set of rules, one cannot comment on
> > this single rule anyway.
>
> Actually, since my insert was to position 1 and my
> target was ACCEPT, how could other input rules have
> any effect? Or am I confused again?

Well, what about the output chain? Your rule only covers incoming
packets. Local processes on the server machine create reply packets,
however. And these go out through the output chain.

> Why wouldn't allowing access to sports 1 through 1024 from
> dports 1 through 1024 allow access to ftp?

Because an FTP client creates connections on an unprivileged port,
i.e. a _source_ port > 1024. Furthermore, it depends on whether passive
or active FTP is used.

> Hey, do you know off of the top of your head what I need to do to
> persist these changes so that the system's behavior won't revert after
> I reboot? It seems info ipchains doesn't address this issue.
> Thanks again.

Load your rules, save them like this:

  # ipchains-save > /etc/sysconfig/ipchains

(which is what "service ipchains save" would do). Then activate the
"ipchains" service for next reboot (man chkconfig for more):

  # chkconfig ipchains on
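
The two points made in the reply above (replies leave through the output chain, and FTP clients connect from a source port > 1024) can be checked with a small stateless first-match model. This is an added example, not part of the original message and not ipchains itself; the concrete port numbers, the DENY default policy on both chains, and all names are assumptions, and only the FTP control connection is modelled.

```python
# Simplified model of ipchains-style stateless filtering (added example;
# rule values and the DENY chain policies are assumptions, not from the thread).
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    sport: int
    dport: int

@dataclass(frozen=True)
class Rule:
    sports: range
    dports: range
    target: str

    def matches(self, pkt):
        return pkt.sport in self.sports and pkt.dport in self.dports

def traverse(chain, policy, pkt):
    """First matching rule decides; otherwise the chain policy applies."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.target
    return policy

def ftp_control_works(input_chain, output_chain, policy="DENY"):
    """Server-side view: the request enters via input, the reply leaves via output."""
    request = Packet(sport=40000, dport=21)  # constructed: client on unprivileged port
    reply = Packet(sport=21, dport=40000)    # constructed: server's reply packet
    return (traverse(input_chain, policy, request) == "ACCEPT"
            and traverse(output_chain, policy, reply) == "ACCEPT")

LOW = range(1, 1025)        # ports 1 through 1024
HIGH = range(1025, 65536)   # source ports > 1024, as in the reply
FTP = range(21, 22)         # FTP control port

# Rule as described in the quoted question, inserted at input position 1.
original_input = [Rule(LOW, LOW, "ACCEPT")]
# Input rule corrected for client source ports, still without an output rule.
fixed_input = [Rule(HIGH, FTP, "ACCEPT")]
# Output rule that lets the server's reply packets leave.
reply_output = [Rule(FTP, HIGH, "ACCEPT")]

if __name__ == "__main__":
    print(ftp_control_works(original_input, []))         # False
    print(ftp_control_works(fixed_input, []))            # False
    print(ftp_control_works(fixed_input, reply_output))  # True
```
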