decrypting iptables?
Bill Davidsen
davidsen at tmr.com
Wed Dec 3 14:04:38 UTC 2008
Tim wrote:
> On Mon, 2008-12-01 at 17:36 -0500, Bill Davidsen wrote:
>> Do you have any ESTABLISHED that you wouldn't ACCEPT? I just take them
>> all.
>
> Can't think of any at the moment, though there's some RELATED traffic
> that I might have trepidations about. I don't know what the rules
> consider to be related, but I'd be annoyed at something like the
> following (which does happen).
>
Yes, RELATED is a different issue, and is not made easier by a lack of
documentation and configuration tools. I would love to have an easy to use tool
to tune that and save configuration.
> e.g. You browse to a website, and it connects back to you to look at
> your identd service (if you have one), regardless of whether you're
> logging on or browsing anonymously.
>
> I want "related" to mean appropriately related traffic to what I'm
> doing, not anything back from something that I've made some sort of
> connection to.
>
> And I can well imagine parents might relent and allow IM chat, but block
> the ports used for webcams and IM file transferring.
>
--
Bill Davidsen <davidsen at tmr.com>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
More information about the fedora-list
mailing list