TCLUG Archive

Re: [TCLUG:16582] Firewalls revisited...
On Mon, 24 Apr 2000, Scott Dier - dieman wrote:
> > Only problem with setting default policy of DENY is you don't get logging
> > when packets are denied...
> 
> NO! It's good to do both.
> 
> What if you somehow have a chain that you can sneak through that gets by
> the default-deny?  I could write up a plausible situation.
> 
> Just remember to send it off to an LDROP chain when wanted.
> 
> You don't really want to log *everything* that drops, do you?  CIFS
> broadcasts are annoying as hell to watch.

...and for anything common (CIFS broadcasts, SMB broadcasts, etc.), just
add a chain that denies but does not log. Yeah, I like to see everything
that gets denied that I didn't specifically say 'do not log'.

-- 
Nate Carlson <natecars@real-time.com>   | Phone : (952)943-8700
http://www.real-time.com                | Fax   : (952)943-8500
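The layout the thread converges on (a default-deny policy, plus an explicit
log-then-drop chain as the last rule so nothing reaches the policy unlogged,
plus a separate non-logging drop chain for known broadcast noise) is shown
below as an added example in iptables syntax. It is not from the original
thread or the posters; the 2000-era discussion would have used ipchains,
where "DENY" is the target that iptables calls DROP. The interface name,
LAN range, the ssh rule, and the chain names LOGDROP/SILENTDROP are
assumptions made for illustration. Run it as-is and it only prints the
rules; set APPLY=1 and run as root to load them.

```shell
#!/bin/sh
# Added example (not from the original thread): default-deny firewall with a
# logging drop chain and a silent drop chain for known noise.
# Dry run by default (prints the iptables commands); APPLY=1 executes them.

WAN_IF="${WAN_IF:-eth0}"              # assumed external interface
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # assumed internal network

# ipt: print the iptables command, or run it when APPLY=1
ipt() {
    if [ "${APPLY:-0}" = "1" ]; then
        iptables "$@"
    else
        echo "iptables $*"
    fi
}

firewall_rules() {
    # Flush rules and delete user chains so the script can be re-run
    ipt -F
    ipt -X

    # Default policy: deny anything not explicitly accepted below.
    # On its own this drops silently, which is the complaint in the thread.
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT

    # LOGDROP: log, then drop. The limit match keeps a flood of denied
    # packets from filling the log partition.
    ipt -N LOGDROP
    ipt -A LOGDROP -m limit --limit 5/min --limit-burst 10 \
        -j LOG --log-prefix "FW-DROP:" --log-level 4
    ipt -A LOGDROP -j DROP

    # SILENTDROP: drop without logging, for traffic we already know about
    ipt -N SILENTDROP
    ipt -A SILENTDROP -j DROP

    # Loopback and replies to connections we initiated
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Known noise: NetBIOS name/datagram service (137/138) broadcasts and
    # anything from the LAN on those ports. These go to SILENTDROP so they
    # never reach the logging rule.
    ipt -A INPUT -p udp --dport 137:138 -m pkttype --pkt-type broadcast -j SILENTDROP
    ipt -A INPUT -p udp --dport 137:138 -s "$LAN_NET" -j SILENTDROP

    # Services actually offered (assumed: ssh from the LAN only)
    ipt -A INPUT -p tcp --dport 22 -s "$LAN_NET" -j ACCEPT

    # Catch-all: must be the LAST rule in each chain. Anything reaching it
    # would otherwise hit the DROP policy silently; this records it first.
    ipt -A INPUT -j LOGDROP
    ipt -A FORWARD -j LOGDROP
}

firewall_rules
```

Order matters: the SILENTDROP rules have to sit above the final `-j LOGDROP`
jump, and the jump has to be the last rule, or the default policy quietly
takes over again. After loading, `iptables -L INPUT -n -v --line-numbers`
shows the ordering and the per-rule packet counters, which is the quickest
way to confirm that the broadcast noise is being counted by the silent rules
and not showing up under LOGDROP. The log prefix is written without a
trailing space only so the dry-run output can be pasted back as-is; add one
if you prefer a gap before the packet fields in syslog.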