Firewall Wizards mailing list archives
Re: IPChains and firewall rules
From: marty <marty () supine com>
Date: Sat, 26 Aug 2000 18:05:44 +1000 (EST)
There isn't going to be any blocking of internal to external traffic. There will be DHCP for the internal network and IPMasq running of course. What about IP spoofing, any rules that should be added for that? There will be no users logging in from the outside for now (maybe with SSH later on, but I don't think that will be a problem).
A few things you have to consider: the "internal -> external" traffic you are letting thru will generate responses which need to be let back thru the firewall (best done by the firewall holding state - ie. it remembers what connections have been opened by internal hosts and allows traffic thru for those connections)...

if you are allowing ftp, either you need some way of the firewall to recognise the ftp server opening a valid data channel, or the clients need to support passive open, where they initiate the connection...

later
marty

"I can't buy what I want because it's free. Can't be what they want because I'm me." - Corduroy, Pearl Jam

_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards
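The two points in the reply above (state for return traffic, and active versus passive FTP), as an added Python model that is not part of the original message and is not ipchains syntax. The `StatefulFilter` class, the `ftp_demo` helper, and all addresses and ports are constructed for illustration; masquerading is left out of the model, and the internal-source check on inbound packets is the usual anti-spoofing rule, added here as an assumption.

```python
import re
# Toy stateful filter: an added illustration, not ipchains. All values are constructed.
PORT_RE = re.compile(r"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")

class StatefulFilter:
    def __init__(self, internal_prefix, ftp_helper=False):
        self.internal_prefix = internal_prefix
        self.ftp_helper = ftp_helper
        self.conns = set()     # (int_ip, int_port, ext_ip, ext_port) opened from inside
        self.expected = set()  # (int_ip, int_port, ext_ip) data channels announced via PORT

    def outbound(self, src, sport, dst, dport, payload=""):
        """Internal -> external is allowed; remember it so replies can come back."""
        self.conns.add((src, sport, dst, dport))
        m = PORT_RE.fullmatch(payload.strip())
        if self.ftp_helper and dport == 21 and m:
            o = [int(x) for x in m.groups()]
            ip = ".".join(str(x) for x in o[:4])
            if ip == src:  # only honour a PORT that names the client itself
                self.expected.add((ip, o[4] * 256 + o[5], dst))
        return "ACCEPT"

    def inbound(self, src, sport, dst, dport, syn=False):
        """External -> internal: spoof check, then replies, then announced data channels."""
        if src.startswith(self.internal_prefix):
            return "DENY"      # internal source address arriving from outside
        if not syn and (dst, dport, src, sport) in self.conns:
            return "ACCEPT"    # reply on a connection an internal host opened
        if syn and (dst, dport, src) in self.expected:
            self.expected.discard((dst, dport, src))
            self.conns.add((dst, dport, src, sport))
            return "ACCEPT"    # active-FTP data channel the helper saw in PORT
        return "DENY"

def ftp_demo(ftp_helper):
    """Return verdicts for (control reply, active data, passive data, spoofed packet)."""
    fw = StatefulFilter("192.168.1.", ftp_helper)
    c, s = "192.168.1.10", "203.0.113.5"
    fw.outbound(c, 40000, s, 21)                                   # control connection
    reply = fw.inbound(s, 21, c, 40000)
    fw.outbound(c, 40000, s, 21, "PORT 192,168,1,10,156,65\r\n")   # 156*256+65 = 40001
    active = fw.inbound(s, 20, c, 40001, syn=True)                 # server opens data channel
    fw.outbound(c, 40002, s, 50000)                                # passive: client opens it
    passive = fw.inbound(s, 50000, c, 40002)
    spoofed = fw.inbound("192.168.1.99", 1234, c, 40000)
    return reply, active, passive, spoofed

if __name__ == "__main__":
    print(ftp_demo(False), ftp_demo(True))
```

Without the helper the active-mode data connection is the only legitimate packet that gets dropped, which is why the clients would have to use passive open in that case.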