IPTABLES doesn't work
Ben Steeves
bcs at metacon.ca
Fri Jan 30 03:58:05 UTC 2004
On Thu, 2004-01-29 at 23:46, smoothmilk wrote:
> heh, considering that RH includes this tool and it doesn't work out of
> the box, I'd say it should be a concern to the people who could possibly
> fix that, perhaps those people read this list. I mean, when you install
> Fedora/Red Hat, it says do you want a firewall? If you choose yes, (which I
> did) it's not going to do anything--even something very very simple like
> deny all incoming new connections.
>
> The following are what I have with only ftp allowed and eth0 trusted..
Think about that. Eth0 is trusted... Now, look at this...
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
...it's doing *EXACTLY WHAT YOU TOLD IT TO DO*.
It's not broken -- you don't know what you're doing. There's a
difference.
If you trust eth0, then any traffic to or from eth0 will automatically
be trusted. That trumps all the rules you've put in place before. That
seems pretty obvious to me.
--
Ben Steeves _ bcs at metacon.ca
The ASCII ribbon campaign ( ) ben.steeves at unb.ca
against HTML e-mail X GPG ID: 0xB3EBF1D9
http://www.metacon.ca/ascii / \ Yahoo Messenger: ben_steeves
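
An added example, not part of the original message: a small audit of `iptables-save` output that lists chains whose default policy is ACCEPT and the rules that traffic from a wholesale-accepted ("trusted") interface never reaches. The ruleset and the chain name `FW-INPUT` are constructed for illustration; the check only looks within a single chain and only treats a bare `-i IFACE -j ACCEPT` rule as a trusted interface.

```python
import shlex

# Constructed iptables-save sample (not the poster's ruleset): eth0 is
# "trusted", FTP is allowed, everything else is rejected. FW-INPUT is a
# hypothetical chain name.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:FW-INPUT - [0:0]
-A INPUT -j FW-INPUT
-A FW-INPUT -i lo -j ACCEPT
-A FW-INPUT -i eth0 -j ACCEPT
-A FW-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A FW-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def in_iface(tokens):
    """Interface named by -i, or None when the rule matches any interface."""
    return tokens[tokens.index("-i") + 1] if "-i" in tokens else None

def audit(ruleset):
    """Return (chains with ACCEPT policy, [(chain, iface, unreachable rule)])."""
    policies, chains = {}, {}
    for line in ruleset.splitlines():
        if line.startswith(":"):            # ":INPUT ACCEPT [0:0]"
            name, policy = line[1:].split()[:2]
            policies[name] = policy
        elif line.startswith("-A "):        # "-A CHAIN <match...> -j TARGET"
            tokens = shlex.split(line)
            chains.setdefault(tokens[1], []).append(tokens[2:])
    open_policies = sorted(c for c, p in policies.items() if p == "ACCEPT")
    shadowed = []
    for chain, rules in chains.items():
        trusted = []                        # interfaces accepted wholesale so far
        for tokens in rules:
            iface = in_iface(tokens)
            # A later rule never sees packets from an already-trusted interface.
            shadowed += [(chain, t, " ".join(tokens))
                         for t in trusted if iface in (None, t)]
            if tokens == ["-i", iface, "-j", "ACCEPT"]:
                trusted.append(iface)
    return open_policies, shadowed

if __name__ == "__main__":
    open_policies, shadowed = audit(SAMPLE)
    print("default ACCEPT policy:", ", ".join(open_policies))
    for chain, iface, rule in shadowed:
        print(f"{chain}: traffic in on {iface} never reaches: {rule}")
```

On the constructed sample, both the FTP rule and the final REJECT are reported as unreachable for packets arriving on eth0.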