Excuse if you've seen this twice.... My question.
I've been running RH 6.2 on an older box for over a year and a half. This box is my firewall, triple-homed, with one to the cable modem. (ah, peace and quiet from two teenagers...). To harden it, I found and ran Bastille-linux. Over time, upon request, I've opened a couple of ports.

Lately, though, I've wanted to be able to get to and from this box from my system, and it apparently is blocking me, when I *told* it that inside systems were trusted. Well, if I do an ipchains -l, it gives me about 5,278 rules, which seems excessive. I'm willing to look at other freeware...but I'm also considering doing it myself.

So, if I were to do it myself, would this work?

    POLICY INPUT reject interface_out
    POLICY OUTPUT reject interface_out
    POLICY FORWARD reject interface_out
    POLICY INPUT accept internal_interface
    POLICY OUTPUT accept internal_interface
    POLICY FORWARD accept internal_interface

Then accept from inside the firewall, and only accept http, pop3, and a few other things from the outside interface. This *ought* to be not more than a couple of dozen rules. The policy stmts with reject should simply drop the unwanted packets in the bit bucket (yes, and I'll have to put a drain to the outside there, so that bitrot won't ruin my floor <g>).

Cmts?

        mark
--
"Patriotism is the last refuge of a scoundrel."
                                --Samuel Johnson.
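
Added example, not part of the original post: the layout described above written as real ipchains commands, generated by a shell function that only prints them. It differs from the pseudocode in two ways: ipchains policies apply to a whole chain rather than to an interface, and the DENY target is the one that drops silently, while REJECT sends an ICMP error back. The interface names, inside networks and port list are assumptions.

```shell
#!/bin/sh
# Added example: prints an ipchains rule set; nothing is applied to the kernel.
# All names and addresses below are assumptions, not taken from the post.
OPEN_TCP_PORTS="80 110"                      # http and pop3
INSIDE_NETS="192.168.1.0/24 192.168.2.0/24"  # constructed inside networks

emit_rules() {
    ext=$1; shift    # $1 = outside interface, the rest = inside interfaces
    # Policies are per chain, not per interface: default DENY everywhere,
    # then explicit per-interface rules. DENY drops silently; REJECT
    # would answer each packet with an ICMP error.
    echo "ipchains -F"
    for chain in input output forward; do
        echo "ipchains -P $chain DENY"
    done
    # Anti-spoofing: inside source addresses must never arrive from outside.
    for net in $INSIDE_NETS; do
        echo "ipchains -A input -i $ext -s $net -l -j DENY"
    done
    # Loopback and trusted inside interfaces: accept in both directions.
    for ifc in lo "$@"; do
        echo "ipchains -A input -i $ifc -j ACCEPT"
        echo "ipchains -A output -i $ifc -j ACCEPT"
    done
    # Outside: new TCP connections only to the listed services.
    for port in $OPEN_TCP_PORTS; do
        echo "ipchains -A input -i $ext -p tcp --dport $port -j ACCEPT"
    done
    # ipchains is stateless, so replies are matched by shape, not by
    # connection: TCP without SYN (! -y) and UDP from port 53 (DNS).
    echo "ipchains -A input -i $ext -p tcp ! -y -j ACCEPT"
    echo "ipchains -A input -i $ext -p udp --sport 53 -j ACCEPT"
    echo "ipchains -A input -i $ext -l -j DENY"   # log and drop the rest
    echo "ipchains -A output -i $ext -j ACCEPT"
    # Forwarding: inside hosts are masqueraded on the way out and may
    # reach each other; nothing is forwarded for outside sources.
    for src in $INSIDE_NETS; do
        echo "ipchains -A forward -s $src -i $ext -j MASQ"
        for dst in $INSIDE_NETS; do
            echo "ipchains -A forward -s $src -d $dst -j ACCEPT"
        done
    done
}

emit_rules eth0 eth1 eth2    # assumed: eth0 = cable modem side
```

With one outside and two inside interfaces this prints 24 commands. The rule set admits no ICMP on the outside interface; accepting destination-unreachable there keeps path MTU discovery working.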