
Re: Suggestion to all about firewalling




Our rules are for Forwarding/Masquerading. Also, a little bit of security
with "drop if source = 192.168.1.x and interface = ppp0". Also, we are
shutting down ICMP echoes with the proc mechanism, to avoid DoS attacks.
Our /etc/inetd.conf only includes IMAP, which is necessary for e-mail
reading. We want people to be able to read their mail from the outside, so
we don't deny it at the ipchains level.

Additional security is something we'll be adding in the medium term. At
the moment, that's all we are using. Maybe we'll adopt tighter security
parameters (read --paranoid --pedantic) later.

We have our ipchains file (created with ipchains-save) at

http://redesc.linux.org.mx/CVS/Dist/redesc-srv-base/ipchains

It would be helpful if you could send a new ipchains file, explaining every
rule. I could try it right away on the test server and see if it works, then
integrate it in the next release.

Greetings,
Arturo
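
Added example, not part of the message above and not the redesc ipchains file: a small audit that reads rule lines in the `-A chain ... -j TARGET` form and reports whether packets claiming a 192.168.1.x source on ppp0 hit a DENY/REJECT before any ACCEPT. The sample rule sets are constructed, the function names are hypothetical, and only `-s`, `-i` and `-j` are interpreted (no `!` negation or interface wildcards).

```python
import ipaddress
import shlex


def _opt(tokens, flag, default=None):
    """Return the argument following flag, or default if flag is absent."""
    return tokens[tokens.index(flag) + 1] if flag in tokens[:-1] else default


def parse_rules(saved_text):
    """Yield (chain, source_net, interface, target) for each '-A' rule line."""
    for line in saved_text.splitlines():
        tokens = shlex.split(line, comments=True)
        if len(tokens) < 2 or tokens[0] != "-A":
            continue  # skips blank lines and policy lines such as ':input ACCEPT'
        source = ipaddress.ip_network(_opt(tokens, "-s", "0.0.0.0/0"), strict=False)
        yield tokens[1], source, _opt(tokens, "-i"), _opt(tokens, "-j")


def antispoof_status(saved_text, lan="192.168.1.0/24", ext_if="ppp0"):
    """Return 'blocked', 'accepted' or 'unmatched' for LAN-sourced packets on ext_if.

    Rules are walked in order and the first one covering the source wins.
    Protocol and port are ignored, so an earlier ACCEPT for a single service
    still counts: spoofed packets to that service would get through.
    """
    lan_net = ipaddress.ip_network(lan)
    for chain, source, iface, target in parse_rules(saved_text):
        if chain != "input" or iface not in (None, ext_if):
            continue
        if not lan_net.subnet_of(source):
            continue
        if target in ("DENY", "REJECT"):
            return "blocked"
        if target == "ACCEPT":
            return "accepted"
    return "unmatched"  # falls through to the chain policy


# Constructed sample: the drop rule comes first, then IMAP is allowed from anywhere.
GOOD = """
:input ACCEPT
-A input -s 192.168.1.0/255.255.255.0 -i ppp0 -j DENY
-A input -p tcp -d 0.0.0.0/0 143 -j ACCEPT
"""

# Constructed sample: same rules, but the IMAP accept shadows the drop rule.
SHADOWED = """
:input ACCEPT
-A input -p tcp -d 0.0.0.0/0 143 -j ACCEPT
-A input -s 192.168.1.0/255.255.255.0 -i ppp0 -j DENY
"""
```

A result of `accepted` or `unmatched` means the spoofed-source rule is either shadowed by an earlier ACCEPT or missing, leaving the decision to the chain policy.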