On Sun, 17 Nov 2002 11:53:21 +0800, [EMAIL PROTECTED] wrote:

> > > > > Is it include security ?
> > > >
> > > > Pardon?
> > >
> > > Is it including Firewall ( prevent hacker to hack the Server
> > > machine )?
> >
> > It only manipulates outgoing packets which were created by one of
> > your hosts.
> >
> > Whether you use the packet filter as a firewall I cannot say without
> > seeing your complete set of iptables rules.
>
> /etc/rc.d/rc.local :
> .....
> echo 1 > /proc/sys/net/ipv4/ip_forward
> echo 1 > /proc/sys/net/ipv4/tcp_syncookies
> echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

As I've pointed out earlier, better enter these /proc settings via
/etc/sysctl.conf (read "man sysctl.conf", and there are also tools to
maintain that file).

> /sbin/iptables -F
> /sbin/iptables -A INPUT -i eth0 -p tcp -d 0.0.0.0/0 --dport 53 -j LOG
> /sbin/iptables -A INPUT -i eth0 -p tcp -d 0.0.0.0/0 --dport 53 -j DROP
> /sbin/iptables -A INPUT -i eth0 -p udp -d 0.0.0.0/0 --dport 69 -j LOG
> /sbin/iptables -A INPUT -i eth0 -p udp -d 0.0.0.0/0 --dport 69 -j DROP
> /sbin/iptables -A INPUT -i eth0 -p tcp -d 0.0.0.0/0 --dport 87 -j LOG
> /sbin/iptables -A INPUT -i eth0 -p tcp -d 0.0.0.0/0 --dport 87 -j DROP

[lots of similar rules snipped]

No default policies? No protection in the FORWARD chain? No protection
for other privileged ports?

> Is it including Firewall ( prevent hacker to hack the Server machine )
> ?

Your rules close only a couple of ports directly on your router.

http://www.netfilter.org has tutorials and howtos for you.
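
The three gaps the reply asks about (default policies, the FORWARD chain, ports outside the short drop list) can be checked mechanically. The following is an added example, not part of the original message: a shell function, audit_rules (a name chosen here), reads a rule script and reports them, run against the rules quoted above.

```shell
# Added example: flag the gaps the reply lists; reads a rule script on stdin.
audit_rules() {
    awk '
    /^[ \t]*#/ { next }    # skip comment lines
    /echo 1 *> *\/proc\/sys\/net\/ipv4\/ip_forward/ { forwarding = 1 }
    {
        start = 0
        for (i = 1; i <= NF; i++)
            if ($i == "iptables" || $i ~ /\/iptables$/) { start = i; break }
        if (!start) next
        chain = ""; proto = ""; port = ""; target = ""
        for (i = start + 1; i < NF; i++) {
            if ($i == "-P") policy[$(i + 1)] = $(i + 2)
            if ($i == "-A" || $i == "-I") chain = $(i + 1)
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (chain != "") rules[chain]++
        # Count each protocol/port pair dropped on INPUT once.
        if (chain == "INPUT" && target == "DROP" && port != "" && !seen[proto "/" port]++) dropped++
    }
    END {
        # -F only flushes rules; a built-in chain stays ACCEPT unless -P sets it.
        if (policy["INPUT"] != "DROP") {
            print "INPUT: no default DROP policy"
            if (dropped > 0)
                print "INPUT: only " dropped " port(s) dropped, the rest hits the default policy"
        }
        extra = forwarding ? ", ip_forward is on" : ""
        if (policy["FORWARD"] != "DROP" && rules["FORWARD"] == 0)
            print "FORWARD: no default DROP policy and no rules" extra
    }'
}

# Rules as quoted in the message above (the snipped ones are not reproduced).
page_rules() {
    cat <<'EOF'
echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -F
/sbin/iptables -A INPUT -i eth0 -p tcp -d 0.0.0.0/0 --dport 53 -j LOG
/sbin/iptables -A INPUT -i eth0 -p tcp -d 0.0.0.0/0 --dport 53 -j DROP
/sbin/iptables -A INPUT -i eth0 -p udp -d 0.0.0.0/0 --dport 69 -j LOG
/sbin/iptables -A INPUT -i eth0 -p udp -d 0.0.0.0/0 --dport 69 -j DROP
/sbin/iptables -A INPUT -i eth0 -p tcp -d 0.0.0.0/0 --dport 87 -j LOG
/sbin/iptables -A INPUT -i eth0 -p tcp -d 0.0.0.0/0 --dport 87 -j DROP
EOF
}
page_rules | audit_rules
```

The check only sees what is in the file it is given: policies or rules set elsewhere are not detected, and rule order is not evaluated.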