Re: Off Topic: iptables, ping, traceroute

2001-07-17 Thread John Patton
Tue, Jul 17, 2001 at 04:22:25PM +0200, Walter Hofmann wrote: > On Mon, 16 Jul 2001, John Patton wrote: > > > On Mon, Jul 16, 2001 at 02:30:29PM -0500, William Jensen wrote: > > > I've set up a fairly restrictive set of rules for iptables and have been, > > > up to this point, extremely satisfied w

Re: Off Topic: iptables, ping, traceroute

2001-07-17 Thread Walter Hofmann
On Mon, 16 Jul 2001, John Patton wrote: > On Mon, Jul 16, 2001 at 02:30:29PM -0500, William Jensen wrote: > > I've set up a fairly restrictive set of rules for iptables and have been, > > up to this point, extremely satisfied with its performance. However, > > I've recently started having some sig

Re: Off Topic: iptables, ping, traceroute

2001-07-17 Thread Miquel van Smoorenburg
In article <[EMAIL PROTECTED]>, John Patton <[EMAIL PROTECTED]> wrote: >You could further limit your rules by specifying the source >address of your cable modem provider, something like: > > -A INPUT -p icmp -s provider.cable.net -j ACCEPT > >Just figure out from your logs what ip address(es) t

Re: Off Topic: iptables, ping, traceroute

2001-07-16 Thread Paul Mackinney
William Jensen uttered: > > I'm experiencing 20 to 54% packet loss coming into my pc and going out. > Charter cable company has been "resolving" this for almost 8 months now. > I've even showed them the exact ip to their local router that's causing > the problems, yet they continue to want to ping

Re: Off Topic: iptables, ping, traceroute

2001-07-16 Thread john
Hi! Just an interesting note. We had traceroute and ping disabled on our firewall, and our support guy got _deluged_ with calls from ppl claiming the server was down 'cos they couldn't ping it. They had tried to actually use the service it offered of course (typical lusers!). So consider what

Re: Off Topic: iptables, ping, traceroute

2001-07-16 Thread Henrique de Moraes Holschuh
On Mon, 16 Jul 2001, Joey Hess wrote: > As an only marginally related question, does anyone know of a good way > to configure a linux system to refuse all connections to any system that > is brokenly not responding to ICMP packets? Hmm... very, very nice idea. I suppose a modified version of the

Re: Off Topic: iptables, ping, traceroute

2001-07-16 Thread Joey Hess
William Jensen wrote: > I've set up a fairly restrictive set of rules for iptables and have been, > up to this point, extremely satisfied with its performance. However, > I've recently started having some significant issues with my cable modem > provider and they routinely want to ping and tracerout

Re: Off Topic: iptables, ping, traceroute

2001-07-16 Thread John Patton
On Mon, Jul 16, 2001 at 02:30:29PM -0500, William Jensen wrote: > I've set up a fairly restrictive set of rules for iptables and have been, > up to this point, extremely satisfied with its performance. However, > I've recently started having some significant issues with my cable modem > provider and

Re: Off Topic: iptables, ping, traceroute

2001-07-16 Thread William Jensen
Depending on who you talk to there and how reasonable they are, tell them you use a firewall and don't want to leave your machine "vulnerable" like this. It's possible that they will use the same machine or machines when they want to ping or traceroute to you. If so, you can allow just those mach

Re: Off Topic: iptables, ping, traceroute

2001-07-16 Thread William Jensen
What do you think is dangerous about allowing ping/traceroute? Neither can be used to establish a service which could be exploited, so why do you care about denying ping / traceroute? Exactly, I'm going about the firewall as deny everything, then just let through what I know I want to come thr

Re: Off Topic: iptables, ping, traceroute

2001-07-16 Thread Sebastiaan
On Mon, 16 Jul 2001, William Jensen wrote: > I've set up a fairly restrictive set of rules for iptables and have been, > up to this point, extremely satisfied with its performance. However, > I've recently started having some significant issues with my cable modem > provider and they routinely wan

Re: Off Topic: iptables, ping, traceroute

2001-07-16 Thread Matthias Richter
William Jensen wrote on Mon Jul 16, 2001 at 02:30:29PM: > These appear to work, however, am I overlooking something from a > security point of view by allowing any icmp and ip's through? What do you think is dangerous about allowing ping/traceroute? Neither can be used to establish a service whic

Re: Off Topic: iptables, ping, traceroute

2001-07-16 Thread Hall Stevenson
> ...and they routinely want to ping and traceroute to > my machine. This requires me to take down my > firewall and wait for them to finish, then put it back > up. I'd like to make, as part of my rule set, ping and > traceroute able to get through. So far I've done this > for my input chain for

Off Topic: iptables, ping, traceroute

2001-07-16 Thread William Jensen
I've set up a fairly restrictive set of rules for iptables and have been, up to this point, extremely satisfied with its performance. However, I've recently started having some significant issues with my cable modem provider and they routinely want to ping and traceroute to my machine. This requires