[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: NOUSER



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
Rick Stevens wrote:
<<-- SNIP -->>
>> Hi
>> Sorry to hijack this tread. The above should it be before, or after
>> you allow the ssh port ?
>
> Before.  You want packets NOT rejected by that bit to fall through to
> other rules for further processing.
>
> ----------------------------------------------------------------------
> - Rick Stevens, Principal Engineer             rstevens internap com -
> - CDN Systems, Internap, Inc.                http://www.internap.com -
> -                                                                    -
> -        Change is inevitable, except from a vending machine.        -
> ----------------------------------------------------------------------
>

YES, and at the very bottom be sure to add the DENY or LOG and DROP
line.  The default for the interface rule is sometimes easily missed
by the eyes and having a glaring, catch all rule at the bottom makes
it stand out when you have problems.

- -James
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
iD8DBQFG6tqtkNLDmnu1kSkRAsZ0AJ0duCgv6CPzyubf3yWS3XFW8qD7sgCdFg5E
ajSfilwXZDFsq/JJo1bRjQA=
=lNn4
-----END PGP SIGNATURE-----

-- 
Scanned by ClamAV - http://www.clamav.net


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]