
Re: RedHat upgrade time



<snip>
>> Serious firewalls are dedicated boxes, and we still have a few 6.2 boxes 
>> employed as firewalls. The iptables syntax is so different from ipchains, 
>> with just enough similarities to try to see the two as related, when they 
>> really aren't. In a way, I'll be sad to see the support for 6.2 
>> discontinued, because IMHO it was a really nice cross between simplicity 
>> and power/functionality on servers.
>
>I also set up iptables rules on general servers, not just machines that 
>serve a 'firewall' function. For an apache machine, I use a default deny 
>and only allow port 80 and whatever else is necessary (including the 
>outbound chain). It's prevented a number of problems.. and helps stop 
>certain exploits.

On every machine on the INT_NET also, depending on what it's running. Even 
my untrusty old windoh$ box has zonealarm running, and it isn't allowed to 
access the 'net directly.

>6.2 is dependable, I only moved to 7.3 because I wanted iptables out of 
>the box.
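
The default-deny setup described in the quoted message above (port 80 plus whatever else is necessary, outbound chain included), as an added example that is not part of the original thread. The 192.0.2.x addresses, the SSH and DNS exceptions, and the function names `ruleset`, `open_policies` and `inbound_ports` are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed ruleset for a web server, in iptables-save/iptables-restore format.
# Addresses are placeholders from the 192.0.2.0/24 documentation range.
ruleset() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Loopback, and replies to connections that were already allowed
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# The one service offered to everyone: HTTP
-A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
# "Whatever else is necessary": SSH from a single admin host (assumed)
-A INPUT -p tcp -s 192.0.2.10 --dport 22 -m state --state NEW -j ACCEPT
# Outbound chain: replies only, plus DNS to one resolver (assumed).
# The web server itself cannot open new connections to the outside.
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p udp -d 192.0.2.53 --dport 53 -j ACCEPT
COMMIT
EOF
}

# Read iptables-save text on stdin and print every built-in chain whose
# policy is not DROP, space-separated. Empty output means default deny.
open_policies() {
    awk '/^:(INPUT|FORWARD|OUTPUT) / && $2 != "DROP" {
             printf "%s%s", sep, substr($1, 2); sep = " "
         }
         END { if (sep) print "" }'
}

# Read iptables-save text on stdin and print the destination ports that
# INPUT rules accept, sorted and space-separated.
inbound_ports() {
    awk '$1 == "-A" && $2 == "INPUT" && $NF == "ACCEPT" {
             for (i = 3; i < NF; i++) if ($i == "--dport") print $(i + 1)
         }' | sort -n | tr '\n' ' ' | sed 's/ $//'
}

# Audit the constructed ruleset; the same checks work on real iptables-save output.
echo "non-DROP policies: [$(ruleset | open_policies)]"
echo "inbound ports:     [$(ruleset | inbound_ports)]"
```

The output of `ruleset` is in the format `iptables-restore` reads, and both audit functions accept the output of `iptables-save` from a running machine.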




