hi andrew...
imap connections will not timeout if you check for new mail
regularly...
for more ipchain/iptables examples and howtos..
c ya
alvin
http://www.Linux-Sec.net ... security stuff ..
On Sun, 27 May 2001, Andrew Perrin wrote:
> Thanks for all this. The reason I'd like the masqueraded
Thanks for all this. The reason I'd like the masqueraded connections never
to time out is that I'd like machines on my private network to be able to
maintain connections indefinitely - specifically, IMAP connections. I'd
like to be able to leave an IMAP client running on a machine and not get
TCP/I
For better stateful packet inspection I would recommend moving your
firewall from ipchains -> iptables which has a better stateful engine...
This will watch the related packets (ie- ftp & ftp-data) as well as the
connections already established...
Jeremy T. Bouse
Andrew Perrin was
Do something like:
# for initialisation - deny everything that will not be allowed later...
ipchains -P input DENY
ipchains -P forward DENY
ipchains -P output DENY
ipchains -F
# allow local things
ipchains -A input -j ACCEPT -i lo
ipchains -A output -j ACCEPT -i lo
# allow SSH connections from
Apologies if I've already asked this - I can't remember anymore!
I now have a DSL connection, and as such would like to use ipchains to do
the following:
1.) Deny all incoming packets coming in on eth1 (the card connected to the
DSL gateway) except those destined for port 22 (ssh) or ICMP packets
5 matches
Mail list logo
